Asus Merlin - OpenVPN Policy Rules to direct Roku to another gateway

mulkman

Occasional Visitor
Hi Guys,


I have been using the RT-AC87U router on the latest merlin firmware and am trying to policy rules to redirect the Roku Express through another default gateway 10.27.43.20 (Synology NAS) which is setup as a VPN Server on OpenVPN.

I have a particular device Roku Express which does not allow a static IP to be assigned and will always use DHCP to get assigned an IP address. I am looking to pass the network traffic for this device through the Synology NAS which hits speeds of 180mbits on NordVPN USA VPN

My routers current default gateway is 10.27.43.1 which is assigned to the DHCP pool across my network.

The current Asus RT-AC87U gets on 37mbits on USA VPN using OpenVPN.

Please can anyone provide any suggestions -

Thanks
 

ColinTaylor

Part of the Furniture
"Policy Rules" are part of the router's OpenVPN client support. As you're not using OpenVPN on the router Policy Rules are not relevant to your situation.

If you want to change the default gateway for a single DHCP client via DHCP the best approach would probably be to create a custom config file for the client's MAC address.
 

eibgrad

Part of the Furniture
You could change the default gateway of that particular device using DNSMasq (specifically using a dnsmasq.conf.add file).

Code:
#!/bin/sh

CONFIGS_DIR='/jffs/configs'
CONFIG="$CONFIGS_DIR/dnsmasq.conf.add"

mkdir -p $CONFIGS_DIR

create_config() {
cat << 'EOF' > $CONFIG
dhcp-option=tag:route2nas,option:router,10.27.43.20
dhcp-mac=set:route2nas,01:02:03:04:05:06
EOF
}

if [ -f $CONFIG ]; then
    echo "error: $CONFIG already exists; requires manual installation"
else
    create_config
    echo 'Done.'
fi
:

IOW, you create a tag w/ your preferred gateway IP, then assign the tag to those devices (based on their MAC address) you want to use it.

You need to enable JFFS scripts and configs under Administration > System, then ssh to the router and copy/paste the above script. Finally, reboot.
 

ColinTaylor

Part of the Furniture
/jffs/configs/dnsmasq.conf.add

Code:
dhcp-mac=set:roku,8C:1D:96:EF:54:2F
dhcp-option=tag:roku,option:router,10.27.43.20

Change 8C:1D:96:EF:54:2F to be the MAC address of your Roku.

UPDATE: Original post editted in response to post #8.

EDIT: It occurs to me that just changing the Roku's gateway won't help you unless your NAS is also configured to be a router. I guess that's why your NAS is a VPN server as well as a VPN client. But with your original idea surely the problem then moves to the Roku which must now run an OpenVPN client. I don't know anything about Roku's but I'd guess that the VPN client on the Roku would now become the bottleneck.
 
Last edited:

mulkman

Occasional Visitor
/jffs/configs/dnsmasq.conf.add

Code:
dhcp-host=8C:1D:96:EF:54:2F,set:roku
dhcp-option=tag:roku,option:router,10.27.43.20

Change 8C:1D:96:EF:54:2F to be the MAC address of your Roku.

EDIT: It occurs to me that just changing the Roku's gateway won't help you unless your NAS is also configured to be a router. I guess that's why your NAS is a VPN server as well as a VPN client. But with your original idea surely the problem then moves to the Roku which must now run an OpenVPN client. I don't know anything about Roku's but I'd guess that the VPN client on the Roku would now become the bottleneck.

Hi,

Appreciate your help

I have just SSH onto the router and gone to JFFS/configs/ and created the dnsmasq.conf.add file with the following output and saved with nano

P.S I am testing it on my ASUS desktop first before trying it on Roku

JFFS.jpg


I have also made sure the device is not in the list of manual assignments and did a reboot.
Once rebooted I tried to release and renew IP address however the 10.27.43.1 gateway remains

pagejffs.jpg



As per set:ASUS within my config does that have to match up within anything?

Any other suggestions?
 

eibgrad

Part of the Furniture
Hi,

Appreciate your help

I have just SSH onto the router and gone to JFFS/configs/ and created the dnsmasq.conf.add file with the following output and saved with nano

P.S I am testing it on my ASUS desktop first before trying it on Roku

View attachment 44248

I have also made sure the device is not in the list of manual assignments and did a reboot.
Once rebooted I tried to release and renew IP address however the 10.27.43.1 gateway remains

View attachment 44252


As per set:ASUS within my config does that have to match up within anything?

Any other suggestions?

MAC address needs to be separated by : , NOT dashes!
 

ColinTaylor

Part of the Furniture
I have also made sure the device is not in the list of manual assignments and did a reboot.
You can still use the manual assignment for it if you want to. It shouldn't really matter one way or the other, although your firmware version is so old I can't be 100% sure.

EDIT: See following reply. dhcp-mac should be used rather than dhcp-host.
 
Last edited:

eibgrad

Part of the Furniture
You can still use the manual assignment for it if you want to. It shouldn't really matter one way or the other, although your firmware version is so old I can't be 100% sure.

This is why I suggested using dhcp-mac rather than dhcp-host. The former only modifies the DHCP request w/ a tag. I'm concerned using dhcp-host *might* act a total override of any static lease defined in the GUI.

Of course, you could remove such a static lease from the GUI and add it and the tag using the dnsmasq.conf.add file. But now you're managing static leases in two places. Not something I would prefer to do.
 

mulkman

Occasional Visitor
Thanks guys for your assistance. The RT-AC86U lives strong but will prob upgrade now to RT-AX86U

that worked and the ROKU is now showing the NAS as the default gateway
 

ColinTaylor

Part of the Furniture
This is why I suggested using dhcp-mac rather than dhcp-host. The former only modifies the DHCP request w/ a tag. I'm concerned using dhcp-host *might* act a total override of any static lease defined in the GUI.

Of course, you could remove such a static lease from the GUI and add it and the tag using the dnsmasq.conf.add file. But now you're managing static leases in two places. Not something I would prefer to do.
Yes, good spot.

I've just tested this and a dhcp-host statement will override a previous one. This is not a problem when using dhcp-mac and you can have more than one if required. If there are conflicts between dhcp-host and dhcp-mac tags the last dhcp-option statement in the config file wins.

I've edited my previous replies accordingly.
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top