VPN client routing rules

axion68

I am trying to set up routing rules for 2 VPN clients.

Ideally I would like to have DHCP clients go through VPN 1 and then manually assign IPs outside of the DHCP scope to go through VPN 2.

I would also like everything on the LAN side to still be able to communicate internally.

Would there be a CIDR notation that would only include a partial set of IP addresses, or does it apply to the whole range?

Right now I am using 192.168.1.0 with a subnet mask of 255.255.255.0.
 
I have a few manually assigned IP devices routed through VPN Client 1. To test your scenario, I simply added the whole subnet 192.168.1.0/24 in the VPN Client 2 GUI. In a brief test, the manually assigned devices configured in the VPN Client 1 GUI still go to VPN 1, and all others go to VPN 2. Not sure if this is what you want.
10102: from 192.168.1.11 lookup ovpnc1
10103: from 192.168.1.91 lookup ovpnc1
10104: from 192.168.1.2 lookup ovpnc1
10301: from 192.168.1.0/24 lookup ovpnc2

You may also explore, say, setting the DHCP server range to 192.168.1.2-127, then manually assigning IPs from 192.168.1.128 onwards. In the VPN Client 1 GUI, add 192.168.1.0/25, and in the VPN Client 2 GUI, add 192.168.1.128/25 and see if it works. With this, you need to specify the router, say 192.168.1.1, to WAN in the VPN Client 1 page.
 
Yes, you can create LAN device IP groups in many ways to assist in Selective routing using a single CIDR range.

e.g. one schema I toyed with to implement DHCP manual Reservation/static IPs (hence the small DHCP pool to hopefully quickly assist with identifying 'rogue' devices)

VPN range is from Lowest IP to highest.
IoT Devices should be assigned from highest IP to lowest in its range, therefore it can expand down into the VPN range


Code:
10.0.0.3   - 10.0.0.7           Printers/Scanners            5  Max 10.0.0.3/32,10.0.0.4/30
10.0.0.8   - 10.0.0.15          Servers, NAS                 8  Max 10.0.0.8/29
10.0.0.16  - 10.0.0.31          Phones                       16 Max 10.0.0.16/28
10.0.0.32  - 10.0.0.63          Laptops/PCs/Tablets/General  32 Max 10.0.0.32/27
10.0.0.64  - 10.0.0.95          Laptops/PCs/Tablets/General  32 Max 10.0.0.64/27
10.0.0.96  - 10.0.0.111         Laptops/PCs/Tablets/General  16 Max 10.0.0.96/28
10.0.0.112 - 10.0.0.127         VPN Clients                  16 Max 10.0.0.112/28
     10.0.0.112 - 10.0.0.119    VPN Client 1                 8  Max 10.0.0.112/29
     10.0.0.120 - 10.0.0.127    VPN Client 2                 8  Max 10.0.0.120/29
10.0.0.128 - 10.0.0.191         IoT                          64 Max 10.0.0.128/26
10.0.0.192 - 10.0.0.223         DHCP Guests                  32 Max 10.0.0.192/27    <--- DHCP Pool
10.0.0.240 - 10.0.0.254         Routers, Smart switches      15 Max 10.0.0.240/28
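
An added example, not part of any post in this thread: it converts an arbitrary address range into the exact CIDR blocks that cover it, checks address groups for overlap, and models how the rule listing above resolves a source IP. It shows that the DHCP range 192.168.1.2-127 needs six blocks, while 192.168.1.0/25 is a single block that also takes in .0 and the router at .1. The `lookup` function is a simplified model (lowest priority number that matches wins) and the `main` fallback is an assumption.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering exactly first..last inclusive."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]

def overlaps(groups):
    """Pairs of group names whose CIDR blocks share at least one address."""
    flat = [(name, ipaddress.ip_network(c))
            for name, cidrs in groups.items() for c in cidrs]
    hits = set()
    for i, (a, net_a) in enumerate(flat):
        for b, net_b in flat[i + 1:]:
            if a != b and net_a.overlaps(net_b):
                hits.add((a, b))
    return sorted(hits)

def lookup(src, rules):
    """Simplified model: the matching rule with the lowest priority wins."""
    ip = ipaddress.ip_address(src)
    for _prio, cidr, table in sorted(rules):
        if ip in ipaddress.ip_network(cidr):
            return table
    return "main"  # assumption: unmatched sources use the default table

# Rules copied from the listing in the thread (host rules written as /32).
RULES = [(10102, "192.168.1.11/32", "ovpnc1"),
         (10103, "192.168.1.91/32", "ovpnc1"),
         (10104, "192.168.1.2/32", "ovpnc1"),
         (10301, "192.168.1.0/24", "ovpnc2")]

if __name__ == "__main__":
    print(range_to_cidrs("192.168.1.2", "192.168.1.127"))    # DHCP range: 6 blocks
    print(range_to_cidrs("192.168.1.128", "192.168.1.255"))  # one /25
    print(lookup("192.168.1.11", RULES), lookup("192.168.1.50", RULES))
    print(overlaps({"vpn1": ["10.0.0.112/29"], "vpn2": ["10.0.0.120/29"]}))
```

Overlapping groups are not an error in themselves, as the host rules inside the /24 show, but the result then depends entirely on rule priority.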