{"id":891,"date":"2017-04-17T01:10:50","date_gmt":"2017-04-17T05:10:50","guid":{"rendered":"https:\/\/www.devolve.net\/blog\/?p=891"},"modified":"2018-07-13T10:24:08","modified_gmt":"2018-07-13T14:24:08","slug":"default-route-via-vpn-while-keeping-lan-services-available","status":"publish","type":"post","link":"https:\/\/www.devolve.local\/default-route-via-vpn-while-keeping-lan-services-available\/","title":{"rendered":"Default route via VPN while keeping LAN & services available"},"content":{"rendered":"

<p>OpenVPN is working great and all, but I was having trouble getting my other LAN hosts to connect to the OpenVPN client system (a Raspberry Pi) while also keeping the services I normally run on it available from the internet. On the remote server, I was using <code>redirect-gateway def1<\/code>, which works but makes some assumptions about how you intend to use it.<\/p>\n

<p>After a lot of frustration and perusal of almost-but-not-quite posts on OpenVPN troubleshooting, I came across <a>an article<\/a> which didn’t mention OpenVPN but instead discussed how to set default routes for multiple interfaces.<\/p>\n

<p>Here’s what I took away. Extra lines in \/etc\/openvpn\/client.conf:<\/p>\n

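<pre># Hold off the up script until the connection to the peer is established\r\nup-delay\r\n# Wait 2 seconds after connecting before adding routes\r\nroute-delay 2\r\n# Level 2 lets OpenVPN run user-defined scripts\r\nscript-security 2\r\n# Run this script once the routes are in place\r\nroute-up \/etc\/openvpn\/multiple_gateways.sh<\/pre>\n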

<p>and in multiple_gateways.sh:<\/p>\n

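<pre>#!\/bin\/sh\r\n# Replace _local_net_, _local_ip_ and _local_gateway_ with the LAN's values.\r\n# The table name mypriv must already be defined, typically in \/etc\/iproute2\/rt_tables.\r\n# Table mypriv: reach the LAN directly, send everything else via the LAN gateway.\r\n\/sbin\/ip route add _local_net_\/24 dev eth0 src _local_ip_ table mypriv\r\n\/sbin\/ip route add default via _local_gateway_ dev eth0 table mypriv\r\n# Use table mypriv for packets sourced from or destined to the LAN address.\r\n\/sbin\/ip rule add from _local_ip_\/32 table mypriv\r\n\/sbin\/ip rule add to _local_ip_\/32 table mypriv<\/pre>\n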

<p>One caveat: I haven’t done a ton of testing, and after rebooting my Pi, it didn’t come up cleanly, so a <code>down.sh<\/code> script may be needed to tear down the extra config when OpenVPN disconnects. That being said, I have services available from the internet, connections from the LAN to the Pi working, and the default route for outgoing connections still going over the VPN.<\/p>\n","protected":false},"excerpt":{"rendered":"

<p>OpenVPN is working great and all, but I was having trouble getting my other LAN hosts to connect to the OpenVPN client system (a Raspberry Pi) while also keeping the services I normally run on it available from the internet. On the remote server, I was using redirect-gateway def1, which works but makes some assumptions […]<\/p>\n","protected":false},"author":3,"featured_media":892,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[34,17,30,22,46],"_links":{"self":[{"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/posts\/891"}],"collection":[{"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/comments?post=891"}],"version-history":[{"count":1,"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/posts\/891\/revisions"}],"predecessor-version":[{"id":893,"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/posts\/891\/revisions\/893"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/media\/892"}],"wp:attachment":[{"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/media?parent=891"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/categories?post=891"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/tags?post=891"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}