ASUS RT-AC68U (merlin 378.56 beta2) with two VPN simultaneously

[Baros]

My english is not perfect but I hope you understand anyway

The request is specific for the router in question (ASUS RT-AC68U Merlin firmware version 378.56 beta 2), and I would do it all over the user interface, without the use of scripts dedicated.

The goal:

Router ip: 192.168.1.1
DHCP : From 192.168.1.100 to 192.168.1.150

VPN-1 (destination X) : all client in 192.168.1.0/27 (from .0 to .31)
VPN-2 (destination Y) : all client in 192.168.1.32/27 (from .32 to .63)

All other IPs must go on WAN (DHCP IP included)​

The situation now is:

Router ip: 192.168.1.1
DHCP : From 192.168.1.100 to 192.168.1.150

VPN-1 ACTIVE with Policy rules:

source: 192.168.1.1 - destination: 0.0.0.0 - iface: WAN
source: 192.168.1.0/27 - destination: 0.0.0.0 - iface: VPN​

And it work !
The IPs in the range .2 to .31 now pass through the VPN and all other pass through the WAN.


Now... if I activate the VPN-2 with this policy rules (simplifying the test with a single IP):

source: 192.168.1.1 - destination: 0.0.0.0 - iface: WAN
source: 192.168.1.35 - destination: 0.0.0.0 - iface: VPN​

My smartphone (192.168.1.35) and all other lan client go throught the VPN-1 ! Why ? and how can change the config for goal ?

Thanks !


PS. If I mantain the policy rule on VPN-2 but deactivate the VPN-2 the rule "work" because the smartphone (192.168.1.35) is not able to navigate, being the VPN-2 disabled and the roule "Block routed clients if tunnel goes down" activated.

 

[RMerlin]

Routing policies only apply once a given tunnel has been chosen by the router, it is not applied globally to the whole routing. You cannot have two tunnels running at the same time, with both acting as a redirection for Internet traffic - only one of the two will be used (most likely the first one).

 

[joegreat]

My smartphone (192.168.1.35) and all other lan client go throught the VPN-1 ! Why ? and how can change the config for goal ?

Hi,

Maybe this thread (especially the last posting) gives you some hints on the setup of 2 VPNs - accessed by 2 separate guest WLANs...

With kind regards
Joe

 

[Baros]

Perfect! I was hoping to be able only with the web UI, without using scripts dedicated, because my skills are not high, and do not like to do things that do not understand ! But if this the way... I will study !!

Many thanks for the advice!

 

[princi]

Routing policies only apply once a given tunnel has been chosen by the router, it is not applied globally to the whole routing. You cannot have two tunnels running at the same time, with both acting as a redirection for Internet traffic - only one of the two will be used (most likely the first one).

Can I just confirm: Even though the latest merlin firmware supports 5 OpenVPN clients, only one is redirecting at one time?

I am trying to work out how to assign devices to OpenVPN clients that are all connected - but if only one is active at one time, what's the point?

 

[RMerlin]

Can I just confirm: Even though the latest merlin firmware supports 5 OpenVPN clients, only one is redirecting at one time?

I am trying to work out how to assign devices to OpenVPN clients that are all connected - but if only one is active at one time, what's the point?

Correct. You cannot have five different tunnels all set to redirect Internet traffic (at a routing level, this means defining a default gateway). Only one default gateway can be active at a time, as it's a fallback route for anything destined to an IP that is not on your LAN, or in a defined route.

You might however be able to have specific routes for specific tunnels. I have never tested this however, since I only have access to one (free) tunnel provider.