/ Sign-up
Your question

{ Police Based Routing } to do this .....

  • PPTP
  • Routers
  • Tunneling
  • Networking
  • Linksys
Last response: in Networking
November 30, 2013 4:32:01 PM

I own a Linksys WRT54G (v3) router with the DDWRT firmware. The Linksys' WAN port is connected via ethernet cable to the DSL Gateway Modem. The gateway modem has provided a static IP to the Linksys: My setup is such that i have the Linksys router auto connecting via PPTP. At the moment ALL local traffic on the Linksys router is passing through the PPTP connection and this passes thru the WAN to the DSL gateway modem. It all works fine.

While connected to PPTP, the Linksys router's DDWRT Setup page states WAN IP =, Subnet Mask =, Default Gateway = When not connected to PPTP the same Setup page states WAN IP =, Subnet =, Gateway = Under ROUTER IP, the Linksys Router's IP is always: / 24.

I heard about Split Tunneling which would allow one to send select traffic over the PPTP and other select traffic over the regular non-PPTP network. As far as i can see DDWRT does not support such a thing and so i figured the underlying Linux policy based routing table within the Linksys router is my only hope.

My goal is to have ALL outgoing port 80 requests from my local network on the Linksys be routed through the PPTP. For all other ports i want it to bypass the PPTP and simply go through the regular non-PPTP network. What are the correct IPTABLES, IP ROUTE, IP RULES to make the above work correctly?

Much appreciated.

More about : police based routing

November 30, 2013 4:56:34 PM

ex_bubblehead said:
I think you're confused as to what split tunneling actually is. It can be a security hole and is disabled by competent network admins.

Split tunneling is a computer networking concept which allows a VPN user to access a public network and a WAN at the same time, using the same physical network connection. This connection service is usually facilitated through a program such as a VPN client software application.

Thanks for the links but actually that is EXACTLY WHAT I WANT TO DO. I want port 80 to be directed over VPN but all other ports to access the WAN as they normally would bypassing the VPN. I am not concerned about the other ports.