# VPN on home router, do not want connected devices to use

## happysmash27

This is probably one of the harder things to phrase. I can't even title this well...

Basically, I use my PC as a home router, because I don't want to spend the money to buy anything else to use as a router. Recently, I decided to use a VPN. However, when I configure this on my PC/home router, all of the other devices are unable to connect to the internet. I fixed this by enabling masquerade for the VPN, but all of the devices are now going through the VPN. I tried to fix this issue by using the guide at https://prosauce.org/blog/2010/12/22/route-based-on-source-ip-address-linux-bsd.html, but now, I can't figure out how to make the rules permanent. Note that the examples listed below are not the results of the temporary fix at https://prosauce.org/blog/2010/12/22/route-based-on-source-ip-address-linux-bsd.html, but of the boot scripts.

/etc/conf.d/net.wlp6s0:

```
# Set the dns_domain_lo variable to the selected domain name
dns_domain_lo="x86_64-Pig"

config_enp8s0f0="dhcp"

modules_wlp6s0="!iwconfig !wpa_supplicant"
config_wlp6s0="192.168.27.1/24 brd 192.168.27.255"

routes_wlp6s0=("flush 270"
      "table 270 to 192.168.0.0/24 dev wlp6s0"
      "table 270 to default via <closest internet node> dev enp8s0f0")

rules_wlp6s0="from 192.168.0.0/24 table 270 priority 270"
```

Output of `/etc/init.d/net.wlp6s0 restart; rfkill unblock wlan; /etc/init.d/hostapd start; sleep 5; echo "\n"`:

```
 * Caching service dependencies ...                                                                                                   [ ok ]
 * Stopping openvpn.AzireVPN-se ...                                                                                                   [ ok ]
 * /etc/init.d/openhab2 uses runscript, please convert to openrc-run.
 * Stopping openHAB ...
 * start-stop-daemon: no matching processes found                                                                                     [ ok ]
 * Unmounting network filesystems ...                                                                                                 [ ok ]
 * Stopping hamachi ...
Already logged out                                                                                                                    [ ok ]
 * Stopping dnsmasq ...                                                                                                               [ ok ]
 * Stopping apache2 ...                                                                                                               [ ok ]
 * Stopping hostapd ...                                                                                                               [ ok ]
 * Bringing down interface wlp6s0
 *   Removing IPv4 RPDB rules
RTNETLINK answers: No such file or directory
Error talking to the kernel
 * Bringing up interface wlp6s0
 *   192.168.27.1/24 ...                                                                                                              [ ok ]
 *   You are using a bash array for routes_wlp6s0.
 *   This feature will be removed in the future.
 *   Please see net.example for the correct format for routes_wlp6s0.
 *   Adding routes
 *     flush 270 ...
Error: any valid prefix is expected rather than "flush".                                                                              [ !! ]
 *     table 270 to 192.168.0.0/24 dev wlp6s0 ...
Error: Device for nexthop is not up.                                                                                                  [ !! ]
 *     table 270 to default via <closest internet node> dev enp8s0f0 ...
Error: Nexthop has invalid gateway.                                                                                                   [ !! ]
 *   Adding IPv4 RPDB rules
 * /etc/init.d/openhab2 uses runscript, please convert to openrc-run.
 * Call to flock failed: Resource temporarily unavailable
 * WARNING: hostapd is already starting
 * Starting openHAB ...
 * Starting hostapd ...                                                                                                               [ ok ]
 * Starting dnsmasq ...
Configuration file: /etc/hostapd/hostapd.conf
 * Starting hamachi ...
wlp6s0: interface state UNINITIALIZED->COUNTRY_UPDATE
Using interface wlp6s0 with hwaddr de:ae:02:fa:88:12 and ssid "Computer-Pig"                                                          [ ok ]
wlp6s0: interface state COUNTRY_UPDATE->ENABLED
wlp6s0: AP-ENABLED                                                                                                                    [ ok ]
 * Mounting network filesystems ...
 * Starting openvpn.AzireVPN-se ...                                                                                                   [ ok ]
 * WARNING: openvpn.AzireVPN-se has started, but is inactive
 * Starting apache2 ...                                                                                                               [ ok ]
```

Output of `iptables -L`:

```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     udp  --  anywhere             anywhere             udp dpt:bootps reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp dpt:domain reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
DROP       tcp  --  anywhere             anywhere             tcp dpts:0:1023
DROP       udp  --  anywhere             anywhere             udp dpts:0:1023

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             192.168.0.0/16
ACCEPT     all  --  192.168.0.0/16       anywhere
ACCEPT     all  --  anywhere             192.168.0.0/16
ACCEPT     all  --  anywhere             192.168.0.0/16
ACCEPT     all  --  anywhere             192.168.0.0/16
ACCEPT     all  --  anywhere             192.168.0.0/16
ACCEPT     all  --  anywhere             192.168.0.0/16
ACCEPT     all  --  anywhere             192.168.0.0/16

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

Output of `ip route`:

```
0.0.0.0/1 via 193.183.116.1 dev tun0
default via <closest internet node> dev enp8s0f0 proto static metric 100
25.0.0.0/8 dev ham0 proto kernel scope link src 25.76.239.160
68.114.36.12 via <closest internet node> dev enp8s0f0 proto dhcp metric 100
<closest internet node, but with last digit 0>/23 dev enp8s0f0 proto kernel scope link src <public IP> metric 100
128.0.0.0/1 via 193.183.116.1 dev tun0
192.168.27.0/24 dev wlp6s0 proto kernel scope link src 192.168.27.1
193.180.164.50 via <closest internet node> dev enp8s0f0
193.183.116.0/26 dev tun0 proto kernel scope link src 193.183.116.16
```

Output of `ip rule`:

```
0:      from all lookup local
270:    from 192.168.0.0/24 lookup lan
32766:  from all lookup main
32767:  from all lookup default
```

`ip route show table 270` gives no output, as the boot configuration does not seem to work.

Does anyone know how I can fix this? Thanks!

----------
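An added illustration, not part of the original post: a small Python model of Linux policy-routing lookup, run over the `ip rule` and `ip route` output shown above, to see which path a wlan client's traffic takes. The client address 192.168.27.50 is constructed, the `local` table and the redacted routes are left out, and the `FIXED_*` values are an assumed correction rather than a configuration from the thread.

```python
import ipaddress

def lookup(rules, tables, src, dst):
    """Walk rules by priority; the first table holding a route to dst wins,
    longest prefix first. An empty table falls through to the next rule."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, from_net, table in sorted(rules):
        if from_net != "all" and src not in ipaddress.ip_network(from_net):
            continue
        hits = [(ipaddress.ip_network(p), dev) for p, dev in tables.get(table, [])
                if dst in ipaddress.ip_network(p)]
        if hits:
            net, dev = max(hits, key=lambda h: h[0].prefixlen)
            return table, str(net), dev
    return None

# Main table as posted (redacted host routes left out; default is via enp8s0f0).
MAIN = [("0.0.0.0/1", "tun0"), ("0.0.0.0/0", "enp8s0f0"), ("25.0.0.0/8", "ham0"),
        ("128.0.0.0/1", "tun0"), ("192.168.27.0/24", "wlp6s0"),
        ("193.183.116.0/26", "tun0")]

# State shown in the post: the rule selects 192.168.0.0/24 and table 270
# ("lan") is empty because the boot-time route lines failed.
POSTED_RULES = [(270, "192.168.0.0/24", "lan"), (32766, "all", "main")]
POSTED_TABLES = {"lan": [], "main": MAIN}

# Assumed correction: select the subnet actually configured on wlp6s0 and
# give table 270 a link route plus a default route out the WAN interface.
FIXED_RULES = [(270, "192.168.27.0/24", "lan"), (32766, "all", "main")]
FIXED_TABLES = {"lan": [("192.168.27.0/24", "wlp6s0"), ("0.0.0.0/0", "enp8s0f0")],
                "main": MAIN}

CLIENT = "192.168.27.50"   # constructed wlan client address
ROUTER = "193.183.116.16"  # the router's own tun0 address from the post

if __name__ == "__main__":
    cases = [("posted rule, empty table", POSTED_RULES, POSTED_TABLES, CLIENT),
             ("fixed rule, empty table", FIXED_RULES, POSTED_TABLES, CLIENT),
             ("fixed rule, filled table", FIXED_RULES, FIXED_TABLES, CLIENT),
             ("router's own traffic", FIXED_RULES, FIXED_TABLES, ROUTER)]
    for label, rules, tables, src in cases:
        print(f"{label:26} {src} -> 8.8.8.8:", lookup(rules, tables, src, "8.8.8.8"))
```

With the posted state, the client matches neither the 192.168.0.0/24 rule nor any route in table 270, so it falls through to `main`, where the two /1 routes via tun0 are more specific than the default route.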

