Client/StaticRoutes

How to create static routes in the web interface

"Interface" must be set towards the interface that should be used as a first hop, where the device providing VPN is. This depends on your network/VPN setup.

"Target" and "IPv4 Netmask" should be set according to the IP subnet used in your VPN (100.64.8.0 255.255.255.0 ?)

Metric, MTU and Route Type can be left as is. To save, make sure to press "Save & Apply" at the bottom of the page instead of the "Add" button seen in the screenshot.

Again, the reason why this happens is likely that you are accessing the router with a source IP address that is within the LAN IP subnet. With Bondix disabled, the router will use its regular default route, which happens to route the responses to your device accordingly. However, when S.A.NE is enabled, the default route changes to go through the tunnel, bypassing your regular VPN routing setup.

If you are still unsure, log into the router via SSH through your VPN setup when the bondix tunnel is disabled. To find out which IP the router sees, you can do a

logread | grep dropbear

The last line should be something along "Password auth succeeded for 'root' from 10.24.0.2:57401". (But of course with your IP instead.)

Now, do a traceroute for that IP on the device:

The first hop reveals which gateway IP to put in the static route, based on this you can also determine which interface must be configured. If you are unsure about the netmask, you can use 255.255.255.255 to only route your IP.