1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

OpenVPN Clients - Policy Rules STRICT?

Discussion in 'Asuswrt-Merlin' started by Ubershopper, Jul 22, 2017.

  1. Ubershopper

    Ubershopper New Around Here

    Joined:
    Jul 21, 2017
    Messages:
    4
    Due diligence: I've searched here and elsewhere and read a few guides, but can't find any reference to this.

    Background:
    I have an OpenVPN client connected and working. I have rules set so that three devices are directed through the tunnel and DNS set to enabled so that those devices use the VPNs DNS server.

    Question:
    In the Redirect Internet Traffic selector, what the difference between Policy Rules, and Policy Rules (Strict) ?

    Thanks
     
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    27,395
    Location:
    Canada
    Strict mode was added with 380.66. From the changelog:

    Code:
      - NEW: Added new Internet redirection mode to OpenVPN clients
             called "Policy Rule (Strict)".  The difference from the
             existing "Policy Rule" mode is that in strict mode,
             only rules that specifically target the tunnel's
             interface will be used.  This ensures that you don't
             leak traffic through global or other tunnel routes,
             however it also means any static route you might have
             defined at the WAN level will not be copied either.
    
    In general, strict mode is preferable, but it won't work if you or your ISP are using static routes in your WAN configuration (something not very common).
     
    Ubershopper likes this.
  4. Ubershopper

    Ubershopper New Around Here

    Joined:
    Jul 21, 2017
    Messages:
    4
    Okay, that makes sense.

    Thanks.
     
  5. killeriq

    killeriq Occasional Visitor

    Joined:
    Jul 22, 2017
    Messages:
    42
    Hello, just want to confirm those question:

    1. What for are Clients 1-5?
    Just to have different services ready to connect any time?

    2. Is there a way how can i connect on router as VPN client and use it only for specific IP ?
    I would like to use some of my devices on VPN and some on "regular" network.

    Thanks
     
  6. Ubershopper

    Ubershopper New Around Here

    Joined:
    Jul 21, 2017
    Messages:
    4
    I'm relatively new to this but yes. I think it is so you could connect your router as a client to multiple servers at the same time.

    Yes. Again, I'm new to this too but what you need to do is use policy rules. Then you can list the IP addresses of the devices you want to go through the VPN.

    Search for Merlin VPN tutorial and you should find a couple detailed step by step guides.
     
  7. killeriq

    killeriq Occasional Visitor

    Joined:
    Jul 22, 2017
    Messages:
    42
    Last edited: Jul 23, 2017
    RMerlin likes this.
  8. endtimes

    endtimes Occasional Visitor

    Joined:
    Apr 21, 2016
    Messages:
    34
    Is there a way to access an IP running through a VPN on an internal LAN when strict mode is enabled?
     
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!