Whole Network VPN

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.


New Around Here
I have been running a VPN on my router for probably a couple of years now and something has happened to my router. I suspect I am trying to get too much out of the router and whilst I am up and running again it is temporarily without the VPN.
I can't see any way of getting a similar router setup using Wireguard which seems to be a more efficient protocol so can I just keep things simple on the router and use a seperate deice for the VPN part of things, I have seen mention of VPN Routers and they can use a Raspberry Pi for that, is that a workable option? IS there anything else suitable in a home situation.

I have been using the 'Policy Rules' option on my Asus router to route specific IP addresses through the VPN and I would like to still do that but it would be good if I could configure 2 WiFi networks, 1 to use the VPN and the other to bypass it. Any advice on this?



Very Senior Member
As I explained in the following thread…

I believe the easiest solution is to use an additional router daisy-chained to the primary router for establishing this secondary network. Then you hang the RPI w/ its WG (Wireguard) VPN off a LAN port of that secondary router and reconfigure its DHCP server to return the RPI's IP as the gateway for its local network. You'd also want to make sure to deny access to the WAN by clients of the secondary router (except of course for the RPI), w/ the RPI being the only device w/ its default gateway still pointing to the WAN.

Notice this approach avoids the whole issue of PBR (policy based routing) for WG because you are effectively implementing PBR by means of the change in the default gateway!

The alternative would be to use scripting to jury-rig Asuswrt-Merlin into supporting multiple networks. But I can't say I'm fond of this approach. Unlike other firmware where multiple networks are native to the GUI (e.g., Freshtomato) making this relatively easy to implement within a single router, Asuswrt-Merlin just wasn't designed to support it. And so rather than deal w/ the messy details of VLANs, robocfg, etc., and given that so many ppl have spare routers otherwise collecting dust on the shelf, I just find it makes more sense to put that hardware back to use.

Of course, if you were willing to abandon Asuswrt-Merlin entirely for something like FreshTomato, this would make things even easier (the one router could do it all). But I know most ppl would prefer to stick w/ Asuswrt-Merlin for the sake of its other nice features.
Last edited:

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!