Dietpi-vpn default routing

Hi,
I have created a project that uses different rpi3s in different networks with dietpi.
I need the data traffic that the raspberry generates to pass through the local ip address.
In order to keep the code inside them updated, I set up the connection to my openvpn server via dietpi-vpn, to be able to guarantee remote maintenance access via ssh.
My problem is that all the http requests generated by the rpi are exposed through the ip address of the openvpn server.
The configuration of my ovpn file is:

client
dev tun
proto udp
remote XXXXXXXX
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3

My ip route result is:

root@Ivca:~# ip route
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.254 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.3
81.56.xx.xx via 192.168.1.254 dev eth0
128.0.0.0/1 via 10.8.0.1 dev tun0
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.12

Thanks a lot for all replies :wink:

ip route add to default via 192.168.1.254 table 100
ip rule add iif lo to default lookup 100 prio 15000

Thanks!
I tried to run the commands you suggested and I can no longer connect to the remote rpi via ssh and vpn.

Where are you connecting from? The lan (192.168.1.0/24) or some other network?

ip route add to 192.168.1.0/24 dev eth0 table 100

I’m connecting via SSH from another VPN client or from the VPN server.

192.168.1.x is the remote private network where the Rpi is connected.

I need dietpi to allow remote access via SSH from the VPN network, but all http requests generated by the Rpi, including those generated by the docker, must go through the local network and not through the VPN.

If I now connect through an SSH client in the same local network as the RPi, this is the routing table that I see after entering the commands you suggested.

ip route
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.254 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.3
81.56.xx.xx via 192.168.1.254 dev eth0
128.0.0.0/1 via 10.8.0.1 dev tun0
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.12

81.56.xx.xx is the public ip address of the VPN server.

I don’t see any route to a tunnel interface used as vpn server. You have only tun0 which is used as vpn client to connect to the internet.

ip route add to 192.168.X.0/24 dev tunX table 100

Adjust the network and the interface of your vpn server and run it to be able to access this network too.

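Added example, not written by any poster in this thread: a small Python model of Linux policy routing (rules walked by priority, longest-prefix match inside each table) run over the routing table posted above, showing why the `0.0.0.0/1` and `128.0.0.0/1` routes capture web traffic and why SSH replies to VPN peers break once table 100 holds only a default route. The web host `198.51.100.7`, the extra table-100 route `10.8.0.0/24 dev tun0`, and the function names are assumptions for illustration; the kernel's `local` table is left out of the model.

```python
import ipaddress

# Constructed model of the `ip route` output posted in the thread; the
# redacted 81.56.xx.xx host route is left out.
MAIN = [("0.0.0.0/1", "tun0"), ("128.0.0.0/1", "tun0"),
        ("0.0.0.0/0", "eth0"),  # default via 192.168.1.254
        ("10.8.0.0/24", "tun0"), ("172.17.0.0/16", "docker0"),
        ("192.168.1.0/24", "eth0")]
MAIN_RULE = (32766, None, "main")  # kernel's stock rule for table main
LO_RULE = (15000, "lo", "100")     # ip rule add iif lo ... lookup 100 prio 15000

def lookup(table, dst):
    """Longest-prefix match inside one table; returns the device or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p).prefixlen, dev) for p, dev in table
            if addr in ipaddress.ip_network(p)]
    return max(hits)[1] if hits else None

def route(rules, tables, dst, iif="lo"):
    """Walk rules by priority; the first table holding a match decides."""
    for _prio, rule_iif, name in sorted(rules, key=lambda r: r[0]):
        if rule_iif in (None, iif):
            dev = lookup(tables[name], dst)
            if dev:
                return dev
    return None

def demo():
    web, peer = "198.51.100.7", "10.8.0.1"  # constructed web host; VPN server
    before = {"main": MAIN}
    suggested = {"main": MAIN, "100": [("0.0.0.0/0", "eth0")]}
    # Assumption: table 100 also gets the LAN route from the thread plus the
    # VPN subnet itself (10.8.0.0/24 dev tun0), so SSH replies stay on tun0.
    fixed = {"main": MAIN, "100": suggested["100"] +
             [("192.168.1.0/24", "eth0"), ("10.8.0.0/24", "tun0")]}
    rules = [MAIN_RULE, LO_RULE]
    return {
        "web_before": route([MAIN_RULE], before, web),         # tun0
        "web_suggested": route(rules, suggested, web),         # eth0
        "ssh_reply_suggested": route(rules, suggested, peer),  # eth0, reply lost
        "ssh_reply_fixed": route(rules, fixed, peer),          # tun0
        "web_fixed": route(rules, fixed, web),                 # eth0
        # Forwarded container packets enter on docker0, so `iif lo` skips them.
        "container_web": route(rules, fixed, web, iif="docker0"),  # tun0
    }

if __name__ == "__main__":
    for name, dev in demo().items():
        print(f"{name:22} -> {dev}")
```

The last entry shows that a rule matching only `iif lo` leaves traffic forwarded from `docker0` on the main table, so container requests still leave through `tun0`.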