Solved RT-AC68, VLAN and multiple VPN

Er0n

Occasional Visitor
Hello there, before venturing into the not very friendly field of setting up VLANs on Asus, I'd like to ask people who have already tried about their experience.
I did some research here on the forum and came across quite old VLAN posts and unanswered posts, and speaking frankly, I did not find many successful posts in recent times.

What I am trying to achieve is 2 different VPN on 2 different VLAN.
I'm running AC68U with the latest Wrt Merlin.

I know that for 30 bucks or so on Amazon I could just throw a managed 5 ports switch to fire up the VLAN, but cannot figure out how Asus router would then handle the VPN.
Any suggestion for the explorer before me?
Thank you very much
 

ColinTaylor

Part of the Furniture
What I am trying to achieve is 2 different VPN on 2 different VLAN.
This is quite different from most of the use cases where people have tried to create VLANs on their router. Can you explain a bit more about the VLAN setup on the rest of your network so it's more clear how you want to integrate it with the router's VPN clients (I'm assuming it's clients and not servers).
 

CaptainSTX

Part of the Furniture
Hello there, before venturing into the not very friendly field of setting up VLANs on Asus, I'd like to ask people who have already tried about their experience.
I did some research here on the forum and came across quite old VLAN posts and unanswered posts, and speaking frankly, I did not find many successful posts in recent times.

What I am trying to achieve is 2 different VPN on 2 different VLAN.
I'm running AC68U with the latest Wrt Merlin.

I know that for 30 bucks or so on Amazon I could just throw a managed 5 ports switch to fire up the VLAN, but cannot figure out how Asus router would then handle the VPN.
Any suggestion for the explorer before me?
Thank you very much
VLANs can be handled in various ways. If you set one up on a router running Tomato, the VLANs are put in different subnets, so a VPN that uses IPs within a single subnet to assign a client may or may not be able to assign clients from various subnets to the VPN interface. In the case of the Tomato router I'm using, only clients in the primary DHCP can be routed using the VPN.

In the case of using a simple inexpensive smart switch that allows you to assign either a port-based or an 802.1Q VLAN, they do not assign devices in different VLANs IPs in different subnets, but for lack of a better term they put a tagged wrapper on the data packets to keep the data packets from various VLANs to send the packets just to other devices that are members of the VLAN.

Since the smart switch isn't changing the subnet and IP range of VLAN members, you can use policy-based routing on an ASUS router running Merlin's firmware; the router just looks at the device's IP and decides if the device is to be routed to the internet using the WAN or by using any one of the five possible VPN clients.
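The source-IP policy routing described in the post above, modelled as an added example (not part of the original thread and not code from Merlin or FreshTomato). It audits a rule list to find source ranges that would leave via the WAN instead of their intended VPN client; the subnets, segment names, rule contents and first-match ordering are all assumptions of this sketch.

```python
import ipaddress

# Constructed sample data (not from the thread): two segments that must each
# leave through their own VPN client, and the policy rules as entered.
SEGMENTS = {
    "vlan_a": ("192.168.1.0/24", "VPN1"),
    "vlan_b": ("192.168.2.0/24", "VPN2"),
}
RULES = [
    ("192.168.1.0/24", "VPN1"),
    ("192.168.2.0/25", "VPN2"),  # deliberate mistake: covers only half of vlan_b
]


def route_for(ip, rules, default="WAN"):
    """Return the egress interface chosen for a source IP.

    Assumption of this sketch: rules are checked in order and the first
    matching source range wins; unmatched traffic uses the default (WAN).
    """
    addr = ipaddress.ip_address(ip)
    for source, iface in rules:
        if addr in ipaddress.ip_network(source):
            return iface
    return default


def audit(segments, rules):
    """Map each segment to the source ranges that do NOT use its intended VPN."""
    findings = {}
    for name, (cidr, expected) in segments.items():
        wrong = [
            ipaddress.ip_network(f"{addr}/32")
            for addr in ipaddress.ip_network(cidr)
            if route_for(addr, rules) != expected
        ]
        if wrong:
            # Collapse the individual addresses back into readable CIDR blocks.
            findings[name] = [str(n) for n in ipaddress.collapse_addresses(wrong)]
    return findings


if __name__ == "__main__":
    for segment, ranges in audit(SEGMENTS, RULES).items():
        print(f"{segment}: not routed via intended VPN -> {', '.join(ranges)}")
```

An empty result from `audit` means every address in every segment maps to its intended VPN client under the modelled rules; it says nothing about what happens when a tunnel is down.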
 

Er0n

Occasional Visitor
This is quite different from most of the use cases where people have tried to create VLANs on their router. Can you explain a bit more about the VLAN setup on the rest of your network so it's more clear how you want to integrate it with the router's VPN clients (I'm assuming it's clients and not servers).
Well, at the moment, nothing else than the router itself and 2 different VPN.
What I need to achieve is to have two segregated networks, each with one VPN, Wi-Fi capabilities and Ethernet space (not much, even just one single slot would do).
I do not mind spending a little money to add more hardware and help the RT-AC68U reach the goal, but first I was wondering if there are router capabilities I am not considering and what would be the best way to succeed.

Thanks.
 

Er0n

Occasional Visitor
VLANs can be handled in various ways. If you set one up on a router running Tomato, the VLANs are put in different subnets, so a VPN that uses IPs within a single subnet to assign a client may or may not be able to assign clients from various subnets to the VPN interface. In the case of the Tomato router I'm using, only clients in the primary DHCP can be routed using the VPN.

In the case of using a simple inexpensive smart switch that allows you to assign either a port-based or an 802.1Q VLAN, they do not assign devices in different VLANs IPs in different subnets, but for lack of a better term they put a tagged wrapper on the data packets to keep the data packets from various VLANs to send the packets just to other devices that are members of the VLAN.

Since the smart switch isn't changing the subnet and IP range of VLAN members, you can use policy-based routing on an ASUS router running Merlin's firmware; the router just looks at the device's IP and decides if the device is to be routed to the internet using the WAN or by using any one of the five possible VPN clients.
So, correct me if I'm wrong, a smart switch would not do anything different than what IPTV tagging would do?
 

eibgrad

Part of the Furniture
 

CaptainSTX

Part of the Furniture
So, correct me if I'm wrong, a smart switch would not do anything different than what IPTV tagging would do?
I haven't used IPTV tagging so I am not familiar what it does vs VLAN tags.
 

Er0n

Occasional Visitor
@CaptainSTX, tried my best to stick with Merlin firmware, but the CLI/iptables road proved to not be a long-term solution. So I followed your advice and switched to FreshTomato, where I was able to set up a VLAN from the GUI and correctly tunnel each of the different IPs through a different VPN. Thanks
 
