1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Tying OpenVPN to a specific SSID or LAN port

Discussion in 'Asuswrt-Merlin' started by tokyo_networking, Jul 22, 2019.

  1. tokyo_networking

    tokyo_networking Occasional Visitor

    Mar 10, 2013
    I would like to be able to tie OPENVPN to a specific SSID or LAN port, e.g I want default traffic go out on the Internet, but specific devices to use the VPN connection. Is this possible.
  2. eibgrad

    eibgrad Senior Member

    Feb 20, 2017
    By default, all the wireless adapters (SSIDs) and LAN ports are bridged (br0) and treated as a single entity that share the same ethernet segment and IP network. All distinctions between wired and wireless, and how any given client gained access to the network, is lost. And when it comes to the OpenVPN client, you can only split tunnel based on the source IP (at least when using the GUI).

    The only way to segregate a given LAN port or wireless SSID for use w/ OpenVPN is to *un*bridge that LAN port or SSID from the default bridge and create a brand new ethernet segment and IP network (VLAN or AP, respectively). And now you can specify that new IP network in policy based routing for routing over the OpenVPN client. IOW, indirectly,

    Of course, the downside of doing this is that now you have two separate ethernet/IP networks for all other purposes, and that can be problematic (e.g., network discovery cannot cross ethernet boundaries, at least by default).
  3. Val D.

    Val D. Senior Member

    Jun 16, 2019