Create default VPN for all devices and special VPN for a subset of devices overwriting default

[flopeh]

Hi everyone,

I would like to set up the VPN connection in such a way, that:
- By default a specific VPN configuration is applied to all devices
- A specific set of devices have a different VPN configuration

I tried the following:
- Set up a rule: 192.168.50.0/24 with a specific VPN configuration covering all connected devices
- Set up another rule: 192.168.50.XXX for a specific devices with a different VPN configuration

Unfortunately, that configuration for a specific device does not seem to overrule the 192.168.50.0/24 rule. Is there a way to achieve my outcome?

Many thanks for any advice on this!

 

[TonyK132]

I do this using VPN Director. Create 2 OpenVPN tunnels, then create rules for the tunnels for 2 ranges you want the tunnels to use. Since Director goes top-down, you would set your 1st tunnel to be the exception devices XXX and the 2nd tunnel to be the /24 to catch everything else. What does not get captured by the 1st rule will flow to the 2nd rule. It would be easiest if you arranged your IP address ranges such that your XXX devices are all in one IP range. The only gotcha is that you need to pay attention to the CIDR rules for address ranges.

 

[CaptainSTX]

It might be simpler to administer your setup if you assign devices static IPs then as suggested use VPN director in Merlin's firmware. Just be careful about setting a VPN kill switch in the first VPN client as if the VPN tunnel fails all devices maybe blocked.