VPN-Routing Question with Merlin-Firmware

Discussion in 'Asuswrt-Merlin' started by Mirko, Feb 14, 2020.

  1. Mirko

    Mirko Occasional Visitor

    Joined:
    Feb 14, 2020
    Messages:
    12
    Hey guys,

    I hope someone can help me here with my problem. I got the Asus RT-AC68U Router behind my Fritzbox (both in Router-Mode) and started to strictly connect to a VPN-Server in Iceland all the time. I'm using Merlin-Firmware 384.15.

    I need to create exceptions for a few sites that don't allow using a VPN-Connection such as my Online-Banking, and a few Shopping-Sites. I encountered Account-Blocking already due to "unusual activities" on one of my Accounts for Online-Shopping and they told me that it was caused because someone with an Icelandic IP logged into my account. (LOL) I told them it was me and that it worked well for months simply by putting in my ZIP-Code as a necessary step but they won't accept it any longer and said I should turn off my VPN completely - I won't do that.

    So I tested a little bit around but unfortunately don't have that much experience. Is there a way for me to create exceptions for sites like these and if so, how do I do that? I'm afraid I won't be able to use my created VPN Killswitch, created on my Firewall-Settings any longer then too...

    I'd be very thankful for an Instruction where and how I can solve that. Thank you very much in advance! :)
     
    Last edited: Feb 14, 2020
  2. distilled

    distilled Regular Contributor

    Joined:
    Feb 7, 2020
    Messages:
    153
    Mirko likes this.
  3. Mirko

    Mirko Occasional Visitor

    Joined:
    Feb 14, 2020
    Messages:
    12

    Thank you, I will have a look at it. :)

    And I don't see much of a problem with tunneling even such things through the VPN. I mean why should I trust my ISP more than my VPN-Provider? The first one is responsible that I decided to use a VPN the whole time now in the first place - cause my ISP started to block unpopular sites. Besides that, most of my critical Websites use Two-Factor Authentication and looking at the Political Agenda in my Country, there will be pretty much "Internet Regulation" ahead for us - which usually means nothing good. I refuse that. Where things like censorship start I'll take action on my own.

    Anyways, thank you for your reply! :)
     
  4. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,886
    Location:
    The Land of Smiles
    This article will introduce you to the basics of Policy Routing on Asuswrt-Merlin. You may be able to just specify an IP address or two or an IP address subnet in the Policy Routing section of the screen. x3mRouting has other features and options for Policy Routing.
     
  5. distilled

    distilled Regular Contributor

    Joined:
    Feb 7, 2020
    Messages:
    153
    You will certainly know your situation and will do what is best for you. I apologize if I sounded like I was telling you your business, I only meant to point out that technically, what you do online through a VPN can be correlated and cross indexed with times, leading to deanonymization. There are a lot of ifs, and it probably only matters if you are doing something really serious, so I shouldn't have said anything about that.

    Good luck with the selective routing, it looks extremely useful.
     
    royarcher, Butterfly Bones and Mirko like this.
  6. distilled

    distilled Regular Contributor

    Joined:
    Feb 7, 2020
    Messages:
    153
    Holy cow, mate, your website is a treasure trove of useful information! THANK YOU for this, that article itself is terrific.
     
  7. Mirko

    Mirko Occasional Visitor

    Joined:
    Feb 14, 2020
    Messages:
    12
    I see your point and I'm thankful for that. Of course, it's always something to seriously take under consideration. So no need to apologize! :)
     
    Butterfly Bones and distilled like this.
  8. Mirko

    Mirko Occasional Visitor

    Joined:
    Feb 14, 2020
    Messages:
    12
    I wanna thank you so much too! It's really, really helpful. I searched for something like that on my fav. Search Engine before but no proper Result. Thank you!!!
     
    Butterfly Bones likes this.
  9. Mirko

    Mirko Occasional Visitor

    Joined:
    Feb 14, 2020
    Messages:
    12
    Guess I will still need some help. This is weird... I followed the steps in the article. I set my current System (Linux Mint Debian) as Source IP and as Destination I set for testing purposes the IP of dnsleaktest.com (23.239.16.110) and set it to WAN. As you can see here on the Screenshot.

    [​IMG]
    [​IMG]

    I clicked "apply". I disabled the VPN-Killswitch in my Firewall before that and tried. The weird thing is: After doing that dnsleaktest shows me my real IP. So far so good. BUT other IP Check-Sites do the same. The whole VPN seems to be disabled (Linux shows me in my Status-Bar the Home-Symbol of my ISP as well instead of the Icelandic Flag) although the client says it's connected (with showing the IP of the VPN). This happens with policy rules; on policy rules (strict) it's the same result.

    I also tried setting the Source-IP to the WAN-IP of my Asus Router. Same result.

    Am I doing something generally wrong?
     
    Last edited: Feb 14, 2020
  10. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    12,026
    Location:
    UK
    https://github.com/RMerl/asuswrt-merlin/wiki/Policy-based-routing

    See the examples at the bottom of the wiki page.
     
    L&LD and Mirko like this.
  11. Mirko

    Mirko Occasional Visitor

    Joined:
    Feb 14, 2020
    Messages:
    12
    I got it!!! Set the IP of my Linux Mint to an empty Destination IP (VPN), and after that I did the same (Empty Source-IP) with the Destination-IP of dnsleaktest (WAN) - voila!
     
    L&LD likes this.
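
An added example, not part of any post in this thread and not Asuswrt-Merlin code: a simplified model of the two rule sets described in posts 9 and 11, showing why the first attempt sent everything out the WAN. It assumes that in policy-rules mode WAN exceptions are evaluated before VPN rules and that traffic matching no rule leaves via the WAN; the PC address 192.168.1.50 and the second destination are constructed.

```python
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"              # how this model represents an empty field
PC = "192.168.1.50"            # constructed LAN address of the Linux Mint PC
DNSLEAKTEST = "23.239.16.110"  # destination IP quoted in the thread
OTHER_SITE = "93.184.216.34"   # constructed: a destination with no exception


def rule(source, destination, iface):
    """Build one policy rule; an empty string means 'any address'."""
    return (ip_network(source or ANY), ip_network(destination or ANY), iface)


def route(rules, src, dst):
    """Return 'WAN' or 'VPN' for a packet from src to dst."""
    src, dst = ip_address(src), ip_address(dst)
    # Assumption of this model: WAN exceptions win over VPN rules.
    for wanted in ("WAN", "VPN"):
        for source, destination, iface in rules:
            if iface == wanted and src in source and dst in destination:
                return iface
    # Policy-rules mode: traffic that matches no rule never enters the tunnel.
    return "WAN"


# Post 9: a single WAN exception and no rule that sends anything to the VPN.
FIRST_ATTEMPT = [rule(PC, DNSLEAKTEST, "WAN")]

# Post 11: the PC goes to the VPN for any destination, plus a WAN exception
# for the one destination, valid for any source.
WORKING = [rule(PC, "", "VPN"), rule("", DNSLEAKTEST, "WAN")]


def summarize(rules, src=PC):
    """Show where the excepted site and an ordinary site end up."""
    return {
        "dnsleaktest": route(rules, src, DNSLEAKTEST),
        "other": route(rules, src, OTHER_SITE),
    }


if __name__ == "__main__":
    print("first attempt:", summarize(FIRST_ATTEMPT))
    print("working rules:", summarize(WORKING))
    print("unlisted LAN client:", summarize(WORKING, "192.168.1.60"))
```

In this model a LAN client that has no VPN rule of its own still leaves via the WAN, so every device that must stay in the tunnel needs its own source rule.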
  12. Mirko

    Mirko Occasional Visitor

    Joined:
    Feb 14, 2020
    Messages:
    12
    I managed it now completely. :) I had some serious issues because I changed the IP of my Asus Router recently and somehow that caused problems - well, switched back to 192.168.1.1, restarted the router, followed the Instructions and everything works fine now. The websites that I listed so far there really can see the IP of my ISP and so it shouldn't cause any further problems or even concerns about security. I can keep my Icelandic VPN, the critical sites will know that I log in with my local IP, everything is fine. :)

    Thanks to all who provided help! This forum is useful and I bookmarked it right away! Looking forward to reading you guys in further discussions. If an Admin will check: This thread obviously can be closed. Problem solved!