Merlin 384.19 VPN Client - can I direct client connection to specific VPN client?

TomG

I have an OpenVPN client set up on my ASUS RT-AC86U using Merlin 384.19 and am wondering if I can direct, say, wired connections through the VPN only, letting wireless not use the VPN. If possible, I don't know how to make this happen.

Thanks!
 
1. Assign static IPs on the router's LAN to the devices that you want to use the VPN.
2. After getting the VPN client(s) working on the router, enable policy based routing.
3. In the rules section in the VPN client, select the devices you want to be tunneled through the VPN.
4. Click apply and you are done.
 
As CaptainSTX suggests, you can use PBR (policy based routing) to selectively route devices over the VPN. However, you can't differentiate wireless from wired users for those same purposes.

By default, all the wired and wireless clients are *bridged*, and therefore how any given client entered the network (wired vs. wireless) is lost for all other purposes (DHCP, firewall rules, PBR, etc.). The only way you could achieve this is if you can place the wireless users on their own network, which by definition would require its own unique IP network (e.g., 192.168.2.0/24). Then you could use PBR to route that specific IP network over the VPN. IOW, you can effectively route wireless users over the VPN, but only indirectly, because you *know* that IP network is only available to wireless users.

Of course, placing a subset of your users on their own network, merely for these purposes, has other negative consequences (e.g., network discovery won't work across networks, not unless you also implement Avahi, an mDNS proxy).
 
Perhaps YazFi and x3mRouting, which are available in amtm, may be options for your use case?
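
The replies above rest on one fact: policy based routing selects by source IP, never by wired vs. wireless. The following is an added example, not code from the thread or from the firmware; it is a simplified model of source-IP matching, and every rule name, MAC and address in it is constructed (only 192.168.2.0/24 comes from the thread). It audits a lease table for devices that are meant to be tunneled but whose current address matches no VPN rule, which is why step 1 asks for static IPs.

```python
import ipaddress

# Constructed policy rules: (description, source network, egress).
# Assumption: a rule matches on source IP only; unmatched traffic uses the WAN.
RULES = [
    ("media-pc", "192.168.1.50/32", "VPN"),
    ("wireless-subnet", "192.168.2.0/24", "VPN"),
]

def egress_for(ip, rules=RULES, default="WAN"):
    """Return the egress for a source IP: first matching rule, else default."""
    addr = ipaddress.ip_address(ip)
    for _name, source, egress in rules:
        if addr in ipaddress.ip_network(source):
            return egress
    return default

def audit(leases, want_vpn, rules=RULES):
    """List devices meant for the VPN whose current IP matches no VPN rule."""
    leaks = []
    for mac, (ip, medium) in sorted(leases.items()):
        # 'medium' is kept for the report only; the routing decision
        # above never sees it, because bridged clients look identical.
        if mac in want_vpn and egress_for(ip, rules) != "VPN":
            leaks.append((mac, ip, medium))
    return leaks

# Constructed lease table: MAC -> (current IP, how the device is attached).
LEASES = {
    "aa:aa:aa:00:00:01": ("192.168.1.50", "wired"),      # static IP, has a rule
    "aa:aa:aa:00:00:02": ("192.168.1.123", "wired"),     # dynamic lease, no rule
    "aa:aa:aa:00:00:03": ("192.168.1.77", "wireless"),   # bridged LAN, no rule
    "aa:aa:aa:00:00:04": ("192.168.2.10", "wireless"),   # separate wireless subnet
}

# Devices the administrator intends to send through the tunnel.
WANT_VPN = {"aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:04"}

if __name__ == "__main__":
    for mac, (ip, medium) in sorted(LEASES.items()):
        print(f"{mac} {ip:15} {medium:8} -> {egress_for(ip)}")
    for mac, ip, medium in audit(LEASES, WANT_VPN):
        print(f"NOT TUNNELED: {mac} at {ip} ({medium}) has no matching rule")
```

The wired device on a dynamic lease is the one reported: it was meant to use the VPN, but its address falls outside every rule, so its traffic leaves through the WAN.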
 
