VPN Director - Asuswrt-Merlin


Mikey3

Occasional Visitor
Can someone tell me how to set up a rule in VPN Director to allow all clients to go through the VPN tunnel except one?

Thanks
 

johndoe85

Senior Member
Click on Add new rule in VPN Director. Choose your VPN client in the interface section and add the clients you want to go through the VPN.
You should be able to set 192.168.50.0/24 as a choice instead of one client per rule. Name that rule "all clients" or something.
Then add a second rule with the client you want to go through the WAN interface.

 

Viktor Jaep

Very Senior Member
@Mikey3 And to add just one last tidbit to this... make sure your exception rule is located at the top of your rules list, as rules are processed top-down... So your more global VPN rule should be #2.
 

kyphos

Occasional Visitor
A related question about VPN Director:
Is there any way to specify that traffic from all WiFi-connected devices go through a VPN (but devices wired to the LAN continue to go through the WAN interface)? The VPN Director GUI only seems to allow client definition by IP, not by interface.

Thanks.
 

chongnt

Very Senior Member
Viktor Jaep said:
> @Mikey3 And to add just one last tidbit to this... make sure your exception rule is located at the top of your rules list, as rules are processed top-down... So your more global VPN rule should be #2.

WAN has higher priority than VPN client rules. Regardless of the order of rule creation, the higher-priority rule will always be sorted to the top in the GUI and applied first. There should be no issue for the OP's requirement.

 

Viktor Jaep

Very Senior Member
chongnt said:
> WAN has higher priority than VPN client rules. Regardless of the order of rule creation, the higher-priority rule will always be sorted to the top in the GUI and applied first. There should be no issue for the OP's requirement.

Thanks for this @chongnt ... but if something starts acting wonky, it's probably best to sort them in order of importance top-down... as a best practice. ;)
 

chongnt

Very Senior Member
kyphos said:
> A related question about VPN Director:
> Is there any way to specify that traffic from all WiFi-connected devices go through a VPN (but devices wired to the LAN continue to go through the WAN interface)? The VPN Director GUI only seems to allow client definition by IP, not by interface.
>
> Thanks.

Yes, it seems there is no straightforward way of doing this. You can split LAN and WiFi into different subnets: say, manually assign IPs for your LAN devices in 192.168.50.2 - 192.168.50.127 (192.168.50.0/25) and let WiFi devices get their IPs from the DHCP pool 192.168.50.129 - 192.168.50.254 (192.168.50.128/25). This way you can do it with two rules in VPN Director.
Another option I can think of is to use a Guest Network with the YazFi addon. It has an option to route it over the VPN.
 

chongnt

Very Senior Member
Viktor Jaep said:
> Thanks for this @chongnt ... but if something starts acting wonky, it's probably best to sort them in order of importance top-down... as a best practice. ;)

In 386.9, there is no option to sort it manually. I suppose the same for 388.x? The rules are automatically sorted by interface priority as we create them.
 

Viktor Jaep

Very Senior Member
chongnt said:
> In 386.9, there is no option to sort it manually. I suppose the same for 388.x? The rules are automatically sorted by interface priority as we create them.
Jeez... you're absolutely right. Maybe I was confusing the vpn director with something else where you could change its order. Thank you!
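To make the ordering behaviour discussed above concrete, here is a small POSIX shell simulator of how a VPN Director rule list resolves a client IP. It is an added example, not code from the Asuswrt-Merlin project or from anyone in this thread, and it follows only what the thread states: enabled WAN rules are evaluated before VPN-client rules regardless of the order they were created in, and the first matching rule wins. It covers both the "whole /24 to the VPN with one WAN exception" setup from johndoe85's and chongnt's replies and the /25 wired/WiFi split chongnt suggested. The `enabled>description>source>interface` rule line format, the relative ranking among VPN client interfaces in `iface_rank`, and the sample addresses are assumptions made for this example, not the firmware's own format or behaviour.

```shell
#!/bin/sh
# Added example, NOT Asuswrt-Merlin code: simulate VPN Director rule matching
# as described in the thread (WAN rules before VPN-client rules, regardless of
# creation order; first match wins). The rule line format below,
# "enabled>description>source>interface", is an assumption for this example.

# Scenario 1 (the OP's case): all of 192.168.50.0/24 goes via OVPN1, except
# 192.168.50.20 which must stay on the WAN. The WAN rule is deliberately
# listed AFTER the broad rule to show that creation order does not matter.
RULES_EXCEPTION='1>all clients>192.168.50.0/24>OVPN1
1>printer stays on WAN>192.168.50.20>WAN
0>disabled leftover>192.168.50.0/24>OVPN2'

# Scenario 2 (wired/WiFi split): statically addressed wired hosts in
# 192.168.50.0/25 stay on the WAN, DHCP-addressed WiFi hosts in
# 192.168.50.128/25 go via OVPN1.
RULES_SPLIT='1>wired hosts>192.168.50.0/25>WAN
1>wifi hosts>192.168.50.128/25>OVPN1'

# ip4_to_int A.B.C.D -> unsigned 32-bit integer (192.168.50.20 -> 3232248340)
ip4_to_int() {
    _ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP PREFIX: succeeds when IP lies inside PREFIX (a.b.c.d or a.b.c.d/n)
in_cidr() {
    net=${2%%/*}
    case $2 in
        */*) bits=${2##*/} ;;
        *)   bits=32 ;;          # a bare address is a /32
    esac
    [ "$bits" -eq 0 ] && return 0
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    ipn=$(ip4_to_int "$1")
    netn=$(ip4_to_int "$net")
    [ $(( ipn & mask )) -eq $(( netn & mask )) ]
}

# iface_rank IFACE: sort key. WAN ranks before every VPN client, as the thread
# states; the order among VPN clients themselves is an assumption here.
iface_rank() {
    case $1 in
        WAN)        echo 0 ;;
        OVPN[1-5])  echo $(( 10 + ${1#OVPN} )) ;;
        WGC[1-5])   echo $(( 20 + ${1#WGC} )) ;;
        *)          echo 99 ;;
    esac
}

# select_iface RULES IP: print the interface chosen by the first enabled rule
# that matches IP after sorting by interface rank, or "default" when no rule
# matches (the client then follows the router's normal routing).
select_iface() {
    _rules=$1
    _client=$2
    _hit=$(printf '%s\n' "$_rules" |
        while IFS='>' read -r enabled desc src iface; do
            [ "$enabled" = 1 ] || continue          # disabled rules never match
            printf '%s %s %s\n' "$(iface_rank "$iface")" "$iface" "$src"
        done |
        sort -n |
        while read -r rank iface src; do
            if in_cidr "$_client" "$src"; then
                echo "$iface"
                break
            fi
        done)
    echo "${_hit:-default}"
}

# Demonstration on the constructed scenarios.
for ip in 192.168.50.20 192.168.50.30; do
    echo "exception list: $ip -> $(select_iface "$RULES_EXCEPTION" "$ip")"
done
for ip in 192.168.50.10 192.168.50.200 10.0.0.5; do
    echo "split list:     $ip -> $(select_iface "$RULES_SPLIT" "$ip")"
done
```

The point the simulation makes is that in the exception scenario 192.168.50.20 lands on WAN even though its rule was written after the broad /24 rule, because the WAN rule sorts first. On a real router, the policy routing that VPN Director actually installs can be inspected with the generic iproute2 commands `ip rule show` and `ip route show table <table>`, which is the check to run if a client is not taking the path you expect.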
 

kyphos

Occasional Visitor
chongnt said:
> Yes, it seems there is no straightforward way of doing this. You can split LAN and WiFi into different subnets: say, manually assign IPs for your LAN devices in 192.168.50.2 - 192.168.50.127 (192.168.50.0/25) and let WiFi devices get their IPs from the DHCP pool 192.168.50.129 - 192.168.50.254 (192.168.50.128/25). This way you can do it with two rules in VPN Director.
> Another option I can think of is to use a Guest Network with the YazFi addon. It has an option to route it over the VPN.

@chongnt
I can see how I would narrow the scope of the DHCP server to 192.168.50.2-.127. But I don't know how to define another DHCP pool (.129-.254) for WiFi devices.

However, I think your Guest Network idea will work. I'd never set one up, but I just tried it. It's not at all obvious (at least, it's not to me), but doing so creates a new subnet (192.168.101.0/24) and a DHCP server for devices that associate with the guest network. So a VPN Director rule can be created with a rule that assigns the entire subnet to a VPN. Presto - mission accomplished.

That DHCP server for the guest network is well hidden - I can't see it listed on the LAN/DHCP Server page, nor on the Guest Network page.

I will take a look at YazFi. I've never heard of it, and frankly don't know how I would add it to my RT-AC86U. I'm fairly new to Merlin firmware.

Thanks for the tips!!!
 
