What's new

VPN routing question

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

QuikSilver

Very Senior Member
I'm in the process of setting up my router to use NordVPN when needed. One option I like is the "block routed clients if tunnel goes down" because my understanding is it the VPN drops while the service is on it will stop internet traffic to and from that device. My issue seems to be that that option also stops internet service when the VPN is turned off using the toggle. I would assume there is something I can put into the custom field to remedy this but I am not sure, thanks!
 
I'm in the process of setting up my router to use NordVPN when needed. One option I like is the "block routed clients if tunnel goes down" because my understanding is it the VPN drops while the service is on it will stop internet traffic to and from that device. My issue seems to be that that option also stops internet service when the VPN is turned off using the toggle. I would assume there is something I can put into the custom field to remedy this but I am not sure, thanks!
Did you see this page on the RMerlin Wiki?
https://github.com/RMerl/asuswrt-merlin/wiki/Policy-based-routing

I think the very bottom is what you need to solve this.
Code:
A common configuration setup where you want your whole LAN to go through the VPN, but not the router itself:

LAN        192.168.1.0/24    0.0.0.0        VPN
Router        192.168.1.1    0.0.0.0        WAN
I use this but have a couple clients that I exclude from the VPN by routing via WAN.
Code:
Excluded Device    192.168.1.xxx    0.0.0.0     WAN
 
Did you see this page on the RMerlin Wiki?
https://github.com/RMerl/asuswrt-merlin/wiki/Policy-based-routing

I think the very bottom is what you need to solve this.
Code:
A common configuration setup where you want your whole LAN to go through the VPN, but not the router itself:

LAN        192.168.1.0/24    0.0.0.0        VPN
Router        192.168.1.1    0.0.0.0        WAN
I use this but have a couple clients that I exclude from the VPN by routing via WAN.
Code:
Excluded Device    192.168.1.xxx    0.0.0.0     WAN
I saw that but don't believe that to be my issue. What I'm trying to accomplish is to force the devices set in the policy to go through the VPN when turned on and block traffic it VPN tunnel goes down due to network issue. It seems that the option forces it to block even when the service has been turned off and not needed anymore.
 
I saw that but don't believe that to be my issue. What I'm trying to accomplish is to force the devices set in the policy to go through the VPN when turned on and block traffic it VPN tunnel goes down due to network issue. It seems that the option forces it to block even when the service has been turned off and not needed anymore.
Ah, I see. Yes that is correct, if that setting to block clients if VPN is down / off / not used, it does block any clients configured to go through VPN if set.

Maybe there is an nvram command that could be used via scripting to change when not needed. I don't remember seeing any. I want my VPN full time and all clients to use it, except the router itself and those two aforementioned clients.

Good luck.
 
Ah, I see. Yes that is correct, if that setting to block clients if VPN is down / off / not used, it does block any clients configured to go through VPN if set.

Maybe there is an nvram command that could be used via scripting to change when not needed. I don't remember seeing any. I want my VPN full time and all clients to use it, except the router itself and those two aforementioned clients.

Good luck.
Thanks, I guess what I am trying to accomplish is more "on-demand" when set to "On" it forces those clients and/or blocks them when disconnected, when off, its back to "everyone gets internet again".
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top