TAP VPN for specific devices only on Merlin

kofii12345

Occasional Visitor
I need to make a TAP VPN for specific devices only on Merlin. I used Tomato before and accomplished that with VLANs, but I don't see this option on Merlin. I just need to run a VPN with TAP for 2 devices (it could be done by a specific guest SSID), but the rest of the network should use the default WAN. Is that possible on Merlin?
 

eibgrad

Part of the Furniture
I assume we're talking about configuring the OpenVPN client here. I don't understand why it has to be TAP. Are you saying the OpenVPN server you're using is itself constrained to TAP?

A TAP VPN is bridged between the local and remote networks, making *everything* accessible, by design. It's why you don't use a TAP VPN when you need to filter access. And since Merlin doesn't support user-defined VLANs natively, you'd have to consider using a third-party scripting solution. And the OpenVPN TAP client of the GUI is going to bridge the private network (br0) to the VPN, which would require additional manipulation to rebind it to the new VLAN.

So like a lot of things, it can probably be done, but NOT easily via the GUI.

Of course, use of a separate router for this VPN would solve the problem too.
 

kofii12345

Occasional Visitor
I need TAP because it is for 2 TV devices that need to be in the same network and broadcasting to themselves. I used a separate router and hoped that will reduce it with the new Asus. I made a new bridge for using VPN for Download Master before. How do I rebind OpenVPN to that? Is it possible to use policy rules for TAP somehow?
 

eibgrad

Part of the Furniture
It's still very unclear what the big picture is here. Originally it sounded as if the two devices were on the client side. But now it sounds like you may be attempting to connect two devices, each of which is on opposite sides of the tunnel. So unless you provide a LOT more details about what's going on here, it's going to be difficult to help.

As far as policy rules w/ TAP, that's a contradiction. You use policy rules in order to "route" between different network interfaces, specifically the one hosting the VPN, the other the LAN. But in a bridged VPN, there is no routing! The VPN's network interface and the LAN are *bridged*, making them effectively one and the same network interface. So policy routing is meaningless in that context.
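
An added example, not part of the thread: a shell check that lists which bridge a TAP interface is enslaved to and which other ports share that layer-2 segment with it. It assumes the standard Linux sysfs layout (`/sys/class/net/<bridge>/brif/<port>`); every interface name other than `br0` is constructed for the sample tree.

```shell
#!/bin/sh
# Audit which bridges contain a TAP interface. Every port on such a bridge
# is on the same layer-2 segment as the tunnel, so routing rules cannot
# separate those devices from the VPN.

# bridged_taps [sysfs_net_dir]
# Prints "<bridge> <port>" for each tap* interface that is a bridge member.
bridged_taps() {
    net_dir="${1:-/sys/class/net}"
    for brif in "$net_dir"/*/brif; do
        [ -d "$brif" ] || continue            # no bridges found
        bridge=$(basename "$(dirname "$brif")")
        for port in "$brif"/*; do
            [ -e "$port" ] || [ -L "$port" ] || continue
            name=$(basename "$port")
            case "$name" in
                tap*) printf '%s %s\n' "$bridge" "$name" ;;
            esac
        done
    done
}

# segment_members <bridge> [sysfs_net_dir]
# Prints every port on <bridge>, one per line, sorted.
segment_members() {
    ls "${2:-/sys/class/net}/$1/brif" 2>/dev/null | sort
}

# make_sample_tree <dir>
# Builds a constructed sysfs-like tree: br0 carries two LAN ports plus a
# TAP interface, br1 carries only a guest wireless port, eth0 is unbridged.
make_sample_tree() {
    mkdir -p "$1/br0/brif" "$1/br1/brif" "$1/eth0"
    : > "$1/br0/brif/eth1"
    : > "$1/br0/brif/eth2"
    : > "$1/br0/brif/tap11"
    : > "$1/br1/brif/wl0.1"
}

# Demo on the constructed tree (call bridged_taps with no argument on a
# real system to read /sys/class/net instead).
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
for b in $(bridged_taps "$demo_dir" | cut -d' ' -f1); do
    echo "TAP is bridged into $b; same L2 segment as:"
    segment_members "$b" "$demo_dir" | sed 's/^/  /'
done
rm -rf "$demo_dir"
```

In the sample tree only `br1` is free of the TAP port, which is the kind of separate bridge the thread describes rebinding the VPN to.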
 