Solved VPN question


arkhane

Occasional Visitor
Hello...I need some help...

working from home on a laptop and using OVPN files I would like the following:

using my laptop with a network cable connected to the Merlin router for stability : all traffic must go to the WAN as the company does not allow private VPN
using this same laptop over wifi: all traffic should go through the private VPN client for my leisure use

Is there any way I can do this...? If yes then how....?

Thank you
 

figorr

Regular Contributor
You should have different MAC addresses when your laptop is connected through cable and wifi. So you could assign two different manual IP assignments under the DHCP Server, one Manual IP for each MAC address.

Then you should go to your VPN client and ... set the policy rules to strict, and then you should set the manual IP for cable to go through WAN and the manual IP for wifi to go through VPN.

Be sure you disconnect the wifi in your laptop when you are going to work. Just to be sure you are not connected wirelessly.

This was the complicated way.

An easier way could be ... to turn off the VPN client when you are going to work and to turn on the VPN when you are finished working. ;)
 

elorimer

Very Senior Member
@figorr is giving you a responsive answer.

I'm assuming you mean all other traffic goes out over a VPN client. If your WIFI isn't unstable, you could use Yazfi to have a guest network that goes out to the internet directly.

Corporate policies are corporate policies, so I follow the need. Don't follow exactly the why, though, since however you are doing this will be encrypted from your laptop to the corporate network, even if it goes over a second encrypted connection. If they are worried about the points in between, well, the ISP.
 

arkhane

Occasional Visitor
You just gave me the answer...looks good...still some erratic behavior in the GUI but looks good from the laptop....thank you!

Actually in the DHCP I only set a static IP with the cable connected and WIFI disconnected to get the MAC from the LAN NIC and applied to it a static IP. I did not set up a static IP for the WIFI MAC. Then did a policy rule (strict) and this seems to work fine.

Still since yesterday I installed Merlin on my primary router I see something strange...:

There are 5 VPN client instances: I have set them all to be ready to activate them if required and activated only the 1st instance. Still, regularly, I have no idea why, the 5th instance gets automatically activated while I did not activate it...I only activated the 1st one....
 

eibgrad

Very Senior Member
Not clear to me where this OpenVPN client is established. Or even if it's the employer's VPN or your own. I found the description a bit lacking in this regard. If it's on the laptop itself, take a look at the following thread.


If it's on the primary router (Merlin), then specify route directives in custom config to create static routes that bind the public IP(s) associated w/ your employer to the WAN.

Code:
route 199.199.199.199 255.255.255.255 net_gateway
route 188.188.188.0 255.255.255.0 net_gateway

IOW, none of this requires PBR (policy based routing), unless I'm just missing something. And by avoiding PBR, you get the side benefit of keeping the router itself on the VPN.
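Added example, not part of the thread or any poster's code: a Python helper that builds `route ... net_gateway` lines like the ones in the last post from a list of employer CIDRs, then checks which path a given destination would take. It assumes the VPN client otherwise sends all traffic through the tunnel and that each route line carries an explicit netmask; the function names and the 203.0.113.10 test address are made up for illustration.

```python
import ipaddress

def routes_for(cidrs):
    """Turn employer CIDRs into 'route <net> <mask> net_gateway' lines."""
    nets = []
    for c in cidrs:
        # strict=True rejects entries with host bits set (e.g. 188.188.188.7/24),
        # which would otherwise pin a different range than the one intended.
        nets.append(ipaddress.IPv4Network(c, strict=True))
    # collapse_addresses merges duplicates and nested or adjacent ranges.
    return [f"route {n.network_address} {n.netmask} net_gateway"
            for n in ipaddress.collapse_addresses(nets)]

def parse_bypass(config_text):
    """Extract the networks that custom-config lines bind to the WAN."""
    nets = []
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) == 4 and parts[0] == "route" and parts[3] == "net_gateway":
            nets.append(ipaddress.IPv4Network(f"{parts[1]}/{parts[2]}"))
    return nets

def egress_for(dest, config_text):
    """Return 'WAN' if dest matches a net_gateway route, else 'VPN'.

    Assumption: every destination without a bypass route uses the tunnel.
    """
    ip = ipaddress.IPv4Address(dest)
    return "WAN" if any(ip in n for n in parse_bypass(config_text)) else "VPN"

# Constructed sample built from the placeholder addresses used in the post.
SAMPLE = "\n".join(routes_for(["199.199.199.199/32", "188.188.188.0/24"]))

if __name__ == "__main__":
    print(SAMPLE)
    for d in ("199.199.199.199", "188.188.188.40", "203.0.113.10"):
        print(d, "->", egress_for(d, SAMPLE))
```

Any employer address missing from the list resolves to "VPN" here, so the list has to cover every range the work connection uses.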
