New to this - Routing only corporate traffic through SSTP VPN

So being a person who likes to tinker, I recently switched over to OpenWrt and am having a good bit of fun with the amount of options (and also a bit overwhelmed). I’m still quite new to this whole thing, so please forgive me if this is a fairly basic question.

Overall, my goal is to access some servers in a corporate domain (samba shares, license servers, etc.) from my home network via an SSTP VPN, but without routing all of my internet traffic through this VPN. I saw that OpenWrt can act as a VPN client for OpenVPN or WireGuard, but couldn’t find any decent guide on how to set up an SSTP client.

I’ve been able to connect to the corporate VPN just fine on a desktop Linux system via sstpc, and trying the same config on OpenWrt, I am presented with a new ‘device’ called ppp0. In case it helps, nothing is showing up under ‘interfaces’.

I’m a bit lost on where to go from here. I am unsure how to get my traffic to go through the ppp0 tunnel. I’m thinking that there are some firewall rules that I probably have to apply? But as for how to get only specific traffic to go through the VPN, I’m at a complete loss.

Any tips or guidance would be greatly appreciated!

You need to add a static route to the routing table to control which interface the traffic goes into.

You can check PBR (policy based routing), it’s meant for this kind of stuff.

Just note that PBR and MWAN3 don’t work together, so if you are using MWAN3, it has a similar setup but takes more tinkering to make it work.

OK, I’m giving that a go!

I seem to have hit a snag though - right now I can get all the traffic to go through the VPN if I assign the VPN to be part of the WAN firewall zone AND if I select ‘use default route’ in the interface configuration. I know this because my public IP changes vs. the one that my ISP assigns.

However, if I try to set up the VPN as a different firewall zone (let’s say I define a work zone with no rules, but keep everything else the same) then I suddenly can’t get online anymore. Internet is only restored if I completely remove the interface or if I uncheck the ‘use default route’ box in the interface (again, leaving everything else the same).

Is this the expected behavior? Or is something misconfigured?
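
The static-route approach suggested earlier in the thread, written out as an OpenWrt configuration sketch. This is an added example, not part of any post in the thread. It assumes the SSTP interface has the logical name `work`, that the corporate network is `10.20.0.0/16` (a constructed placeholder, substitute the real subnet), and that the home LAN zone is the default `lan`.

```uci
# /etc/config/network
# 'work' is an assumed logical name for the existing SSTP interface
# (the one that appears as device ppp0). Only the relevant option is shown.
config interface 'work'
	# ... existing SSTP settings unchanged ...
	# Do not install a default route via the tunnel, so ordinary
	# internet traffic keeps leaving through the ISP-facing wan.
	option defaultroute '0'

# Send only the corporate subnet into the tunnel.
# 10.20.0.0/16 is a constructed placeholder.
config route
	option interface 'work'
	option target '10.20.0.0'
	option netmask '255.255.0.0'

# /etc/config/firewall
# Dedicated zone for the tunnel, kept separate from wan.
config zone
	option name 'work'
	list network 'work'
	# Nothing arriving from the corporate side may reach the router itself.
	option input 'REJECT'
	option output 'ACCEPT'
	# No forwarding unless an explicit 'config forwarding' allows it.
	option forward 'REJECT'
	# Corporate hosts see the tunnel address instead of home LAN addresses.
	option masq '1'
	option mtu_fix '1'

# LAN clients may open connections towards the corporate zone.
# There is deliberately no forwarding with src 'work' and dest 'lan',
# so the corporate side cannot initiate connections into the home network.
config forwarding
	option src 'lan'
	option dest 'work'
```

A zone only passes LAN traffic when a `forwarding` section names it as the destination, so a new zone without one drops everything that the routing table sends towards it.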