Hi, I’ve got a Linksys WRT3200ACM running 19.07.8 with both a wired and wireless WAN connection. The wireless is for a 5g MyFi and I have them configured for fail over which works well.
When I bring up an OpenVPN connection, whether I’m pointing at ExpressVPN or ProtonVPN my network devices are no longer routed through but the router itself can still access the Internet and handle name resolution. I’m getting the same behavior regardless of whether I have both WAN interfaces up or either of them individually. Stopping the VPN resolves the client routing issue, again, regardless of which WAN config I have running.
The obvious conclusion is that I’ve misconfigured this somehow and I’d appreciate some pointers on where to look.
Little follow up, below is the result of route with the VPN down and then up, as well as confirmation that with it up the router itself can route to the Internet:
root@cangrejoderio:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.131.1 0.0.0.0 UG 10 0 0 wlan2
default 192.168.254.254 0.0.0.0 UG 20 0 0 eth1.2
192.168.131.0 * 255.255.255.0 U 10 0 0 wlan2
192.168.132.0 * 255.255.255.0 U 0 0 0 br-lan
192.168.254.0 * 255.255.255.0 U 20 0 0 eth1.2
root@cangrejoderio:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.20.0.1 128.0.0.0 UG 0 0 0 tun0
default 192.168.131.1 0.0.0.0 UG 10 0 0 wlan2
default 192.168.254.254 0.0.0.0 UG 20 0 0 eth1.2
10.20.0.0 * 255.255.0.0 U 0 0 0 tun0
XXX.XXX.XXX.XXX 192.168.131.1 255.255.255.255 UGH 0 0 0 wlan2
128.0.0.0 10.20.0.1 128.0.0.0 UG 0 0 0 tun0
192.168.131.0 * 255.255.255.0 U 10 0 0 wlan2
192.168.132.0 * 255.255.255.0 U 0 0 0 br-lan
192.168.254.0 * 255.255.255.0 U 20 0 0 eth1.2
root@cangrejoderio:~# ping google.com
PING google.com (142.250.80.78): 56 data bytes
64 bytes from 142.250.80.78: seq=0 ttl=114 time=47.418 ms
64 bytes from 142.250.80.78: seq=1 ttl=114 time=48.149 ms
64 bytes from 142.250.80.78: seq=3 ttl=114 time=70.455 ms
64 bytes from 142.250.80.78: seq=4 ttl=114 time=47.809 ms
64 bytes from 142.250.80.78: seq=5 ttl=114 time=53.519 ms
^C
--- google.com ping statistics ---
6 packets transmitted, 5 packets received, 16% packet loss
round-trip min/avg/max = 47.418/53.470/70.455 ms
and on the client machine at the point where the VPN comes up
64 bytes from 8.8.8.8: icmp_seq=5973 ttl=58 time=10.7 ms
64 bytes from 8.8.8.8: icmp_seq=5974 ttl=58 time=13.8 ms
64 bytes from 8.8.8.8: icmp_seq=5975 ttl=58 time=11.6 ms
64 bytes from 8.8.8.8: icmp_seq=5976 ttl=58 time=11.5 ms
64 bytes from 8.8.8.8: icmp_seq=5977 ttl=58 time=13.3 ms
64 bytes from 8.8.8.8: icmp_seq=5978 ttl=58 time=11.9 ms
From 192.168.132.1 icmp_seq=5980 Destination Port Unreachable
From 192.168.132.1 icmp_seq=5981 Destination Port Unreachable
From 192.168.132.1 icmp_seq=5982 Destination Port Unreachable
From 192.168.132.1 icmp_seq=5983 Destination Port Unreachable
From 192.168.132.1 icmp_seq=5984 Destination Port Unreachable
From 192.168.132.1 icmp_seq=5985 Destination Port Unreachable
192.168.132.1 is the LAN interface of the router.
Trying to dig a little deeper on my own I took a look at /etc/openvpn/client.sh which I pulled from the OpenWRT docs
#!/bin/sh
env | sed -n -e "
/^foreign_option_.*=dhcp-option.*DNS/s//nameserver/p
/^foreign_option_.*=dhcp-option.*DOMAIN/s//search/p
" | sort -u > /tmp/resolv.conf.vpn
case ${script_type} in
(up) uci set dhcp.@dnsmasq[0].resolvfile="/tmp/resolv.conf.vpn" ;;
(down) uci revert dhcp ;;
esac
/etc/init.d/dnsmasq restart &
/tmp/resolv.conf.vpn are all empty files. Possibly ignorance on my part but this seems “bad” to me.
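Added example, not part of the original post or the OpenWrt docs: the sed filter from client.sh run against constructed environments, showing that /tmp/resolv.conf.vpn only gets content when OpenVPN exports `foreign_option_*` variables carrying a pushed `dhcp-option DNS` or `DOMAIN`. The sample values (10.20.0.1 as a DNS server, vpn.example) and the `check_push` helper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the sed filter from client.sh, fed constructed input instead of
# the live environment. Reads env-style lines on stdin, prints resolv.conf lines.
vpn_resolv_lines() {
    sed -n -e "
/^foreign_option_.*=dhcp-option.*DNS/s//nameserver/p
/^foreign_option_.*=dhcp-option.*DOMAIN/s//search/p
" | sort -u
}

# Constructed sample: what an up script sees when the server pushes
# "dhcp-option DNS ..." and "dhcp-option DOMAIN ...".
env_with_push() {
    printf '%s\n' \
        'script_type=up' \
        'dev=tun0' \
        'foreign_option_1=dhcp-option DNS 10.20.0.1' \
        'foreign_option_2=dhcp-option DOMAIN vpn.example'
}

# Constructed sample: same hook, but nothing DNS-related was pushed.
env_without_push() {
    printf '%s\n' 'script_type=up' 'dev=tun0' 'route_vpn_gateway=10.20.0.1'
}

# Hypothetical helper: report when the generated file would be empty instead
# of silently pointing dnsmasq at it.
check_push() {
    lines=$(vpn_resolv_lines)
    if [ -z "$lines" ]; then
        echo "no DNS pushed: resolv.conf.vpn would be empty"
        return 1
    fi
    printf '%s\n' "$lines"
}

env_with_push | check_push
env_without_push | check_push || true
```

On the router, adding `env | grep '^foreign_option_' | logger -t ovpn-hook` to the hook records what the provider actually pushed.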