OpenVPN client on the router?

There is a need to let most of the domestic traffic through OpenVPN server installed in the cloud at Amazon. As connected not only computers, but also household appliances that can not supply OpenVPN client, it is supposed to buy a router ZyXEL Keenetic Giga and put the client there.


There are torrents that generate excessive traffic, for which Amazon asks for money, as well as some sites that consider visitors to the Amazon bots. Is it possible and how best to do so they worked to bypass the OpenVPN client?


All that was possible naguglit mainly concerns the reverse process, i.e. access to the router and everything behind it is using the OpenVPN...

Update: I would also accept the option when OpenVPN runs on the router by default without any traffic filtering, but for computers available direct connection. Ie if the router can support simultaneously two compounds and a particular client can be set to any of them at any point in time, it would also be a solution.
October 8th 19 at 01:44
4 answers
October 8th 19 at 01:46
Tell me how to Giga to put OpenVPN?
In my own experience I can not tell, but judging from the instructions, the problem is solved quite easily: time and two - Santino.VonRueden commented on October 8th 19 at 01:49
October 8th 19 at 01:48
The question is not really how to put OpenVPN, and how to let it through only the desired traffic.

Digression: due to the curves of the hands decided that it is easier to buy a new router where OpenVPN can be installed directly into the stock firmware, though the TP-LINK 1043ND with OpenWRT friendly. Besides Kinetik solves some other problems tplink (brake NAS, logs IPTV, etc.) that are on stock firmware, so the basis is this option. - Santino.VonRueden commented on October 8th 19 at 01:51
October 8th 19 at 01:50
Comes to mind 2 options, either cisco-router PBR or linux with iptables with ipp2p module and package marking with the departure of their bypass OpenVPN. Plus a simple route table for "some sites that consider visitors to the Amazon bots".
In principle, if you remember Smoking rabbit, I think the 2nd option can be implemented on OpenWRT.
You will have to put there a module for iptables, if you decide it is, the rest is all no problem.
Forgot — if we consider the first option, but on the server in the cloud will have to raise a great VPN and OpenVPN, which supports cisco, pptp for example. - Santino.VonRueden commented on October 8th 19 at 01:53
Here the discussion ipp2p for dd-wrt, though in Spanish, goo.gl/XzvzZ - Santino.VonRueden commented on October 8th 19 at 01:56
It's too cool for the task.

A router of the same type of kinetics could not support two connections: one using OpenVPN and the other directly to the soft on the side Windows he chose through which to work? So, for example, the TV constantly hung on OpenVPN, and the computers were connected manually when needed?

The simplest is of course to connect a second router to another provider, but I would like to do one. - simeon_Fay commented on October 8th 19 at 01:59
Nothing complicated actually.
So initially You differently was set the task... now write "tv with one channel, and the rest from another" — this is a SBR. This problem can be solved for the open(dd)wrt regular means.
Would you say my heart's content. - simeon_Fay commented on October 8th 19 at 02:02
Sorry. Task put "ideally" because they do not know from what end to approach. Then added alternatively less universal, but apparently easier to implement.

You can read more about "standard tools"? As I understand it Suharevskaya firmware is slightly inferior to OpenWRT, but for me pretty important to all but OpenVPN worked out of the box. - Santino.VonRueden commented on October 8th 19 at 02:05
I mean, what to do source based routing can be done in the Open(dd)WRT without any additional packages. Using iptables and ip.
to create tables and rules using the ip rule and ip route and make NAT via iptables to whom through what channel you need. - simeon_Fay commented on October 8th 19 at 02:08
well, the easiest painless option — only the tv goes through OpenVPN, everything else through the main channel, very easy.
1. to make the TV a static IP.
2. NAT-ing this IP via OpenVPN
3. everything else is NAT-ing through the main channel. - Santino.VonRueden commented on October 8th 19 at 02:11
October 8th 19 at 01:52
Something tells me that the task is much simpler and solves the normal routing table and static routes
Not quite. sbr is needed, one route table is not enough.
In General, the author does not understand, he has one task or the other. - Santino.VonRueden commented on October 8th 19 at 01:55
I understand that in its original form the problem is not solved by simple means, therefore, simplify the question to separate flies from cutlets. On the computer I'd used by Windows client and then, because OpenVPN needs occasionally. But on the telly a good half of the services requires an American IP, so there he preferably without the participation of computers. At the same time on the telly do not need to filter traffic, torrents I from it not shake and do not go on stackoverflow.

But with Open(DD)WRT to communicate do not really want, as there are even to provide the basic functionality needed a direct hand, not to mention such narrow issues. - Santino.VonRueden commented on October 8th 19 at 01:58

Find more questions by tags Computer networksNetwork equipmentOpenVPN