http-proxy ceases working when routes are pushed by openvpn server


Post by osiaso » Fri Jan 19, 2024 6:22 pm

I have a proxy server and an openvpn client set up on an OpenWRT router device.
Due to the ISP's DPI OpenVPN traffic blocking mechanism :evil: I have to set up a proxy server on the router and then connect the OpenVPN client to the commercial VPN provider via the http-proxy.


Since both the openvpn client and the proxy server run on the same router, or better to say localhost, as soon as the openvpn client connects to the VPN server via the http-proxy 127.0.0.1 1080, the VPN server pushes all the routes to the router and it messes with the router's default kernel routes, and then the proxy server routes also get changed and it stops working. As a consequence the openvpn client also gets disconnected, and then the openvpn clients get disconnected too, and the openvpn client retries to establish a connection, and since the http-proxy has already failed and the route table is messed up, the whole router internet gets locked and stops functioning.

Since the VPN provider will not customize its openvpn-server push commands for me, in order to solve this issue I tried no-pull and added route-up script directives in the openvpn client config file, and then the openvpn client connects to the VPN provider without any issue.

That said, after the tun0 interface is created by the openvpn client I have to manually prepare the route-up script in order to make the VPN internet traffic available to all devices on the LAN range 192.168.55.65-192.168.55.127 or 192.168.55.64/26 with subnet mask 255.255.255.192.

In addition, I do not want the router with the IP address 192.168.55.1 and the localhost (127.0.0.1) address to get access to the internet via the tun0 interface, otherwise the aforementioned issue will appear again. The router and localhost IPs should use the phy-sta0 or wan internet gateway of 192.168.8.1, which comes from a separate LTE router interface.

What I need is the required route commands that I have to insert in the route-up script once the tun0 (vpn) is created. ;)

As a side note, the OpenWRT router is based on Linux, and Linux route and iptables commands should suffice.

As a test I would like to see the following results :) ,

#traceroute www.yahoo.com

The above command should provide the same nodes/paths as before tun0 creation.


The following command should show different nodes and show the tun0 gateway as the next hop,

Or running the following command on any connected LAN device (or lan-bridge)
#traceroute www.yahoo.com
(connected LAN devices are in range 192.168.55.64/26)
should then show tun0 as a gateway.

As a note, the following kernel IP routing table should change accordingly,
Thanks

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.8.1     0.0.0.0         UG        0 0          0 phy1-sta0
10.124.148.0    0.0.0.0         255.255.254.0   U         0 0          0 tun0
192.168.8.0     0.0.0.0         255.255.255.0   U         0 0          0 phy1-sta0
192.168.55.0    0.0.0.0         255.255.255.0   U         0 0          0 br-lan

#ip route show
default via 192.168.8.1 dev phy1-sta0 proto static src 192.168.8.118
10.124.148.0/23 dev tun0 proto kernel scope link src 10.124.148.101
192.168.8.0/24 dev phy1-sta0 proto kernel scope link src 192.168.8.118
192.168.55.0/24 dev br-lan proto kernel scope link src 192.168.55.1
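
One way to write such a route-up script with source-based policy routing, as an added example that is not part of the original post. The LAN range and tun0 come from the post; the table id 100, rule priority 1000, metric 9999 and the APPLY switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Intended as the OpenVPN
# route-up script used together with the no-pull setup described above.
LAN_CIDR="192.168.55.64/26"  # LAN range from the post
TUN_DEV="${dev:-tun0}"       # OpenVPN exports $dev to route-up scripts
TABLE=100                    # assumption: unused routing table id
PRIO=1000                    # assumption: unused ip rule priority

# Print the commands: $1=tunnel dev, $2=source CIDR, $3=table, $4=priority.
# Line 1: default route through the tunnel, only in the separate table.
# Line 2: fallback that drops LAN traffic instead of leaking it via the
#         WAN default route if tun0 disappears (metric is an assumption).
# Lines 3-4: send only packets sourced from the LAN range to that table.
# Lines 5-6: NAT those packets to the tunnel address.
policy_cmds() {
    cat <<EOF
ip route replace default dev $1 table $3
ip route replace unreachable default metric 9999 table $3
ip rule del from $2 lookup $3 priority $4
ip rule add from $2 lookup $3 priority $4
iptables -t nat -D POSTROUTING -s $2 -o $1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s $2 -o $1 -j MASQUERADE
EOF
}

# Run commands read from stdin. The "del" and "-D" lines only remove
# leftovers from a previous run, so their failure is ignored.
apply_cmds() {
    while IFS= read -r cmd; do
        case "$cmd" in
            *" del "*|*" -D "*) $cmd 2>/dev/null || true ;;
            *) $cmd || return 1 ;;
        esac
    done
}

# Dry run by default; APPLY=1 (hypothetical switch) changes the system.
if [ "${APPLY:-0}" = 1 ]; then
    policy_cmds "$TUN_DEV" "$LAN_CIDR" "$TABLE" "$PRIO" | apply_cmds
else
    policy_cmds "$TUN_DEV" "$LAN_CIDR" "$TABLE" "$PRIO"
fi
```

The rule matches only packets sourced from 192.168.55.64/26, so traffic originated by the router itself, including the proxy on 127.0.0.1, keeps using the main table and its default route via 192.168.8.1. The router's firewall must still allow forwarding from br-lan to tun0.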
