OpenVPN routing for a single client IP

Hi, first of all thanks for a great distro. A very happy user here.

I use IPFire with a VPN provider as described here: This works well, even though I need to recreate the tun node after every boot (would be grateful for a solution to this as well). What this does obviously is route all traffic from the internal network through the VPN.

What I’m now trying to accomplish is having the OpenVPN connection be used only for specific internal IPs. As far as I can tell, I need to do this using source based routing. I’m using this tutorial:

I’m done with all the up/down scripts and the connection starts and routes get added, but nothing gets routed through it. In the first tutorial I linked, this is done using the command

iptables -t nat -A POSTROUTING -s -o tun0 -j MASQUERADE

Now if I modify this for a single host, e.g.:

iptables -t nat -A POSTROUTING -s -o tun0 -j MASQUERADE

all other hosts lose internet access.

As far as I can tell, I need to implement the following part from the 2nd tutorial:

Add a new interface in /etc/config/network:

config interface ‘myvpn’
option proto ‘none’
option ifname ‘tun0’

Add a new zone to /etc/config/firewall:

config zone
option forward ‘REJECT’
option output ‘ACCEPT’
option name ‘VPN_FW’
option input ‘REJECT’
option masq ‘1’
option network ‘myvpn’
option mtu_fix ‘1’

config forwarding
option dest ‘VPN_FW’
option src ‘lan’

There are no /etc/config files in IPFire and I can’t see anything similar in /var/ipfire to configure the network interface and/or the firewall. Is there any way to do this in IPFire?


do you want to talk about

  • routing ?
  • or NAT ?

(you rules are only for NAT… what means … routes must have been setted before)


thanks for your answer. I’m interested in everything and anything that is needed to make this work, NAT and routing included.

If there’s any more info I can provide about the thing I want to do, please let me know.

Thanks. :slight_smile: