The goal is to provide VPN access only to wireless-connected clients, not to the local system. The problem is that all internet access on the local system goes through the VPN.
I would also like to be able to start and stop the OpenVPN service without affecting the local system's internet access via eth0.
This system is also the DNSmasq server for the clients on eth0 and wlan0.
Is there a way to do this? eth0 and wlan0 both have static addresses set in dhcpcd.conf.
wlan0 is connected to tun0 with:

```
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT
```
Without tun0:

```
$ route -v
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metri Ref    Use Iface
default         192.168.0.1     0.0.0.0         UG    202    0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     303    0        0 wlan0
```

With tun0:

```
$ route -v
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.1.1        128.0.0.0       UG    0      0        0 tun0
default         192.168.0.1     0.0.0.0         UG    202    0        0 eth0
10.8.1.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.8.1.1        128.0.0.0       UG    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     303    0        0 wlan0
217.138.203.211 192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
```
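One way to get the split described above, as an added example that is not from the original post: the 0.0.0.0/1 and 128.0.0.0/1 routes in the second table are what capture the local system, so tell OpenVPN not to install pushed routes (`route-nopull`) and use a `route-up`/`down` hook that sends only the 192.168.1.0/24 wireless subnet through tun0 via a policy-routing table. The table number 100, the script path `/etc/openvpn/wlan-split.sh` and the `DRY_RUN` switch are assumptions; the client config would carry `route-nopull`, `script-security 2`, `route-up /etc/openvpn/wlan-split.sh` and `down /etc/openvpn/wlan-split.sh`.

```shell
#!/bin/sh
# Added example (not from the original post): OpenVPN route-up/down hook that
# policy-routes only the wlan0 subnet (192.168.1.0/24) through the tunnel.
# Assumed: OpenVPN calls it with script_type=route-up|down and dev=tun0.
WLAN_NET="192.168.1.0/24"
VPN_TABLE=100          # assumed spare routing-table number

# Print commands instead of running them when DRY_RUN is set (for testing).
run() {
  if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

vpn_up() {
  dev="$1"
  # Default route of the VPN table points at the point-to-point tun device;
  # the main table (default via eth0) is untouched because of route-nopull.
  run ip route replace default dev "$dev" table "$VPN_TABLE"
  # Only traffic sourced from the wireless subnet consults the VPN table.
  run ip rule add from "$WLAN_NET" lookup "$VPN_TABLE" priority 1000
  run iptables -t nat -A POSTROUTING -o "$dev" -j MASQUERADE
  run iptables -A FORWARD -i "$dev" -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  run iptables -A FORWARD -i wlan0 -o "$dev" -j ACCEPT
  # Kill switch: wireless clients are never forwarded out eth0, so they
  # cannot fall back to the plain uplink while the tunnel is down.
  run iptables -I FORWARD -i wlan0 -o eth0 -j REJECT
}

vpn_down() {
  dev="$1"
  run ip rule del from "$WLAN_NET" lookup "$VPN_TABLE" priority 1000
  run ip route flush table "$VPN_TABLE"
  run iptables -t nat -D POSTROUTING -o "$dev" -j MASQUERADE
  run iptables -D FORWARD -i "$dev" -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  run iptables -D FORWARD -i wlan0 -o "$dev" -j ACCEPT
  # The REJECT rule deliberately stays in place while the tunnel is down.
}

# OpenVPN sets script_type; when sourced or run by hand nothing happens.
case "${script_type:-}" in
  route-up) vpn_up "$dev" ;;
  down)     vpn_down "$dev" ;;
esac
```

Note that DNSmasq's own upstream lookups originate from the local system, so with this split they still leave via eth0 rather than the tunnel.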