2 Router Config Best for Home Network with Dedicated VPN?

[Robo]

Newbie here. Question: Is a two router config the best way to go in home network where you want some of your clients devices on VPN and others not? Plus you want to be able to create Port Forwarding and have an VPN Server configured?

Something like this:
https://www.vpnuniversity.com/routers/setup-two-routers-with-dedicated-vpn-router

I have the ASUS RT-AC87U with Merlin firmware.

Thanks in advance.

Rob

 

[coxhaus]

I am curious as to why you want some of your clients on VPN? I could see this if your VPN terminated at your work.

 

[agilani]

I'm also interested to see if anyone is running their gear in this configuration. I want to move all iot type devices to a separate ap and possbily only have them on vpn. Anyone have a dedicated router for vpn?

 

[ColinTaylor]

I'm guessing that the OP wasn't really interested in the answer as he's never logged back in since posting the question 7 weeks ago.

 

[EWBtCiaST]

I wouldn’t use the two router config. I would recommend just using one router and statically assign all IP addresses on your network. Then selectively route the necessary IP addresses through the VPN - the rest will go through the default connection.

I’d also recommend all IoT devices be on a separate network.

 

[cmkelley]

I wouldn’t use the two router config. I would recommend just using one router and statically assign all IP addresses on your network. Then selectively route the necessary IP addresses through the VPN - the rest will go through the default connection.

I’d also recommend all IoT devices be on a separate network.

Seems to me that @Jack Yaz 's YazFi (https://www.snbforums.com/threads/yazfi-enhanced-asuswrt-merlin-guest-wifi-networks.45924/) simplifies this a great deal.

 

[agilani]

I wouldn’t use the two router config. I would recommend just using one router and statically assign all IP addresses on your network. Then selectively route the necessary IP addresses through the VPN - the rest will go through the default connection.

I’d also recommend all IoT devices be on a separate network.

So policy based routing using iptables?

 

[agilani]

Seems to me that @Jack Yaz 's YazFi (https://www.snbforums.com/threads/yazfi-enhanced-asuswrt-merlin-guest-wifi-networks.45924/) simplifies this a great deal.

Thanks,
This is worth a look.

 

[EWBtCiaST]

So policy based routing using iptables?

You could use iptables, but you don’t have to. You could also use the GUI. At the bottom of the OpenVPN screen you can assign source IP addresses to pass through the VPN.

 

[agilani]

You could use iptables, but you don’t have to. You could also use the GUI. At the bottom of the OpenVPN screen you can assign source IP addresses to pass through the VPN.

Good to know, so only specific devices will default over the vpn based on source? That may be better and one less device to worry about.

Ok, i setup the openvpn client and connected it to pia. But i don't see anywhere to specify client ip addresses to pass through the vpn. And right now the vpn is taking effect for every device.

So i found where i can configure policy based rules for the openvpn client. I specify that do i also need to setup a default route out to the internet for every device? Or just the devices i expect to go over the tunnel?