VPN client routing rules


axion68

New Around Here
I am trying to set up routing rules for 2 VPN clients.

Ideally I would like to have DHCP clients go through VPN 1 and then manually assign IPs outside of the DHCP scope to go through VPN 2.

I would also like everything on the LAN side to still be able to communicate internally.

Would there be a CIDR notation that would only include a partial set of IP addresses, or does it apply to the whole range?

Right now I am using 192.168.1.0 with a subnet mask of 255.255.255.0.
 

chongnt

Regular Contributor
I have a few manually assigned IP devices routed through VPN Client 1. To test your scenario, I simply added the whole subnet 192.168.1.0/24 in the VPN Client 2 GUI. In a brief test, the devices manually assigned and configured in the VPN Client 1 GUI still go to VPN 1, and all others go to VPN 2. Not sure if this is what you want.
10102: from 192.168.1.11 lookup ovpnc1
10103: from 192.168.1.91 lookup ovpnc1
10104: from 192.168.1.2 lookup ovpnc1
10301: from 192.168.1.0/24 lookup ovpnc2

You may also explore, say, setting the DHCP server range to 192.168.1.2-127, then manually assigning IPs from 192.168.1.128 onwards. In the VPN Client 1 GUI, add 192.168.1.0/25, and in the VPN Client 2 GUI, add 192.168.1.128/25, and see if it works. With this, you need to specify the router, say 192.168.1.1, to WAN in the VPN Client 1 page.
 

Martineau

Part of the Furniture
Yes, you can create LAN device IP groups in many ways to assist in selective routing using a single CIDR range.

e.g. one schema I toyed with to implement DHCP manual reservation/static IPs (hence the small DHCP pool, to hopefully quickly assist with identifying 'rogue' devices):

VPN range is from lowest IP to highest.
IoT devices should be assigned from highest IP to lowest in its range, therefore it can expand down into the VPN range.


Code:
10.0.0.3   - 10.0.0.7           Printers/Scanners            5  Max 10.0.0.3/32,10.0.0.4/30
10.0.0.8   - 10.0.0.15          Servers, NAS                 8  Max 10.0.0.8/29
10.0.0.16  - 10.0.0.31          Phones                       16 Max 10.0.0.16/28
10.0.0.32  - 10.0.0.63          Laptops/PCs/Tablets/General  32 Max 10.0.0.32/27
10.0.0.64  - 10.0.0.95          Laptops/PCs/Tablets/General  32 Max 10.0.0.64/27
10.0.0.96  - 10.0.0.111         Laptops/PCs/Tablets/General  16 Max 10.0.0.96/28
10.0.0.112 - 10.0.0.127         VPN Clients                  16 Max 10.0.0.112/28
     10.0.0.112 - 10.0.0.119    VPN Client 1                 8  Max 10.0.0.112/29
     10.0.0.120 - 10.0.0.127    VPN Client 2                 8  Max 10.0.0.120/29
10.0.0.128 - 10.0.0.191         IoT                          64 Max 10.0.0.128/26
10.0.0.192 - 10.0.0.223         DHCP Guests                  32 Max 10.0.0.192/27    <--- DHCP Pool
10.0.0.240 - 10.0.0.254         Routers, Smart switches      15 Max 10.0.0.240/28
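
An added example, not part of any post in this thread: it turns an address range into the exact CIDR blocks that cover it, shows which extra addresses a single wider prefix would also match, and evaluates priority-ordered source rules like the ones chongnt listed. The function names are hypothetical, and the fall-through to the "main" table for unmatched sources is an assumption based on standard Linux policy routing.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Smallest set of CIDR blocks covering first..last exactly."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]

def extra_addresses(prefix, first, last):
    """Addresses a single prefix matches that lie outside first..last."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [str(a) for a in ipaddress.ip_network(prefix) if not lo <= a <= hi]

def table_for(src, rules):
    """Walk rules in ascending priority; the first matching source wins.
    Unmatched sources fall through to 'main' (assumed: normal WAN routing)."""
    addr = ipaddress.ip_address(src)
    for _prio, source, table in sorted(rules):
        if addr in ipaddress.ip_network(source):
            return table
    return "main"

# Rules copied from chongnt's output above: (priority, source, table)
RULES = [
    (10301, "192.168.1.0/24", "ovpnc2"),
    (10102, "192.168.1.11", "ovpnc1"),
    (10103, "192.168.1.91", "ovpnc1"),
    (10104, "192.168.1.2", "ovpnc1"),
]

if __name__ == "__main__":
    # Printers/Scanners row of the table: two blocks are needed
    print(range_to_cidrs("10.0.0.3", "10.0.0.7"))
    # A DHCP pool of .2-.127 needs six blocks to match exactly ...
    print(range_to_cidrs("192.168.1.2", "192.168.1.127"))
    # ... while the single /25 also matches .0 and the router at .1
    print(extra_addresses("192.168.1.0/25", "192.168.1.2", "192.168.1.127"))
    for src in ("192.168.1.11", "192.168.1.50"):
        print(src, "->", table_for(src, RULES))
```

Ranges that start and end on power-of-two boundaries collapse to one block, which is why the layout above aligns each group that way.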
 