What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Merlin 380.65_4 OpenVPN Simple Policy Rules Question

K

Kaydog

New Around Here
I have my openvpn all setup and connected to pia. I would like to have 3 static Ip's not go through the vpn while all others go thru the vpn. my ip range is 192.168.1.2 to 254. My static Ips 192.168.1.251, 192.168.1.252, and 192.168.1.253.

I've tried the following:
192.168.1.251 0.0.0.0 WAN
192.168.1.252 0.0.0.0 WAN
192.168.1.253 0.0.0.0 WAN

But when I apply this all Ips go to wan. What am I missing?
 
Kaydog said:
I have my openvpn all setup and connected to pia. I would like to have 3 static Ip's not go through the vpn while all others go thru the vpn. my ip range is 192.168.1.2 to 254. My static Ips 192.168.1.251, 192.168.1.252, and 192.168.1.253.

I've tried the following:
192.168.1.251 0.0.0.0 WAN
192.168.1.252 0.0.0.0 WAN
192.168.1.253 0.0.0.0 WAN

But when I apply this all Ips go to wan. What am I missing?
Click to expand...

https://www.snbforums.com/threads/open-vpn-client-redirect-internet-policy.37530/#post-308797
 
CaptainSTX said:
Try shortening up your DHCP pool so that the static addresses are not included within the pool.
Click to expand...

Thanks Martineau and CaptainSTX. I got it working. I followed both yours and Yorgi's input. Here is what I did. I made my dynamic ip pool 192.168.1.100-254, Then I assigned the 3 static ips 0f 192.168.1.2,3,&4

So my policy rules are as follows:
192.168.1.2 0.0.0.0 WAN
192.168.1.3 0.0.0.0 WAN
192.168.1.4 0.0.0.0 WAN

Then I directed all of the dynamic ip pool thru the vpn:
192.168.1.100/30 0.0.0.0 VPN
192.168.1.104/29 0.0.0.0 VPN
192.168.1.112/28 0.0.0.0 VPN
192.168.1.128/26 0.0.0.0 VPN
192.168.1.192/27 0.0.0.0 VPN
192.168.1.224/28 0.0.0.0 VPN
192.168.1.240/29 0.0.0.0 VPN
192.168.1.248/30 0.0.0.0 VPN
192.168.1.252/31 0.0.0.0 VPN

Was there an easier way? The second half seems a little cumbersome.

Thanks again,
Kaydog
 
Kaydog said:
Thanks Martineau and CaptainSTX. I got it working. I followed both yours and Yorgi's input. Here is what I did. I made my dynamic ip pool 192.168.1.100-254, Then I assigned the 3 static ips 0f 192.168.1.2,3,&4

So my policy rules are as follows:
192.168.1.2 0.0.0.0 WAN
192.168.1.3 0.0.0.0 WAN
192.168.1.4 0.0.0.0 WAN

Then I directed all of the dynamic ip pool thru the vpn:
192.168.1.100/30 0.0.0.0 VPN
192.168.1.104/29 0.0.0.0 VPN
192.168.1.112/28 0.0.0.0 VPN
192.168.1.128/26 0.0.0.0 VPN
192.168.1.192/27 0.0.0.0 VPN
192.168.1.224/28 0.0.0.0 VPN
192.168.1.240/29 0.0.0.0 VPN
192.168.1.248/30 0.0.0.0 VPN
192.168.1.252/31 0.0.0.0 VPN

Was there an easier way? The second half seems a little cumbersome.

Thanks again,
Kaydog
Click to expand...
You could shorten your DHCP list down to 20 then you would have many fewer IPs to assign to VPN. If clients are connecting by WiFi then your router really can't handle many more clients. If connecting by Ethernet then adjust accordingly.
 
Kaydog said:
Was there an easier way? The second half seems a little cumbersome.
Click to expand...
WAN rules always take precedence over VPN rules.....so you can just add your entire subnet to the VPN, then the WAN exceptions.

192.168.1.0/24 0.0.0.0 VPN
192.168.1.2 0.0.0.0 WAN
192.168.1.3 0.0.0.0 WAN
192.168.1.4 0.0.0.0 WAN
 
john9527 said:
WAN rules always take precedence over VPN rules.....so you can just add your entire subnet to the VPN, then the WAN exceptions.

192.168.1.0/24 0.0.0.0 VPN
192.168.1.2 0.0.0.0 WAN
192.168.1.3 0.0.0.0 WAN
192.168.1.4 0.0.0.0 WAN
Click to expand...

Thanks John,
Much more eloquent! I like it.
Best,
K
 
You must log in or register to reply here.

Similar threads

R
Asus RT N66u running Asuswrt Merlin change VPN listening port from WAN to LAN
Replies
7
Views
394
bennor
B
D
Proper VPN Policy Rules
Replies
2
Views
712
Dougj
D
G
Wireguard VPN Client: killswitch activation -> LAN administration lock-out
Replies
6
Views
3K
ZebMcKayhan
Z
P
Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware
Replies
9
Views
1K
eibgrad
eibgrad
R
Your rules have reached the maximum - Looking for Alternative ways to do MAC filtering on Wifi.
Replies
3
Views
797
SeriousFamily
SeriousFamily
Similar threads
Thread starter Title Forum Replies Date
consorts Solved guide me on which merlin 3006.102.4 router should i buy - if... Asuswrt-Merlin 35
D AX88U, Asus Merlin 3004.388.9_2, no temperature tab Asuswrt-Merlin 1
K Tutorial [Script Collection] Asuswrt-Merlin helpers for WireGuard, Dual WAN, USB SSD, and more Asuswrt-Merlin 4
John DeLuca GT-BE98 Pro Merlin Version 3006.102.4 IPv6 Issues Asuswrt-Merlin 2
RMerlin Beta Asuswrt-Merlin 3006.102.5 Beta is now available Asuswrt-Merlin 141
Y NAT problem (Asus RT-AX88U Pro, Merlin 3006.102.4, Starlink, PureVPN with dedicated IP and Port forwarding) Asuswrt-Merlin 7
FoxBazo Dual-Wan issue on Merlin 3006.102.4 - do I need to waith for newt update or do I need to try the alternative Failover script (amtm) Asuswrt-Merlin 5
S Release GNUton Asus Merlin 3004.388.9_2-gnuton1 Asuswrt-Merlin 2
L How to install YAMon / bwmon on Asuswrt-Merlin ? Asuswrt-Merlin 21
U Need Help Setting Up 3 VLANs (Home, Guest, IoT) on ASUSWRT-Merlin (RT-AC86U) Asuswrt-Merlin 9

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 932 (members: 27, guests: 905)
Back
Top