route specific devices through OpenVPN

Thorvindr
DD-WRT Novice


Joined: 25 Apr 2018
Posts: 3

Posted: Wed Apr 25, 2018 16:28    Post subject: route specific devices through OpenVPN
I really hope this is the right place to ask for help with this. This seems like a very technical forum about much deeper stuff than I need help with. If this isn't the place for this, hopefully somebody can direct me to the proper resource.

I'm running DD-WRT firmware on my Netgear r7000. I currently have it set up as an OpenVPN client, so all Internet traffic is routed through the VPN. I want to set up my network so that wired traffic gets routed through the VPN but wireless traffic does not.

Actually, I'd ideally like to pick and choose which specific devices go through the VPN and which ones don't, but for my current situation, it just happens that all the devices I want routed through the VPN are wired.

Can anybody tell me how to do that? I don't necessarily need a step-by-step guide. "Use [name of feature or process]" might be enough that I can Google up a solution.

I do have a second router I can set up (a Netgear wnr3500) but I'd really rather not have to.
boochi99
DD-WRT User


Joined: 31 Jan 2012
Posts: 77
Location: North Carolina

Posted: Wed Apr 25, 2018 17:10    Post subject:
1. First thing, assign static leases to all devices. This may take some time.
2. Under OpenVPN Client, look for Policy Based Routing and enter every device's static IP that you want routed through the VPN, like the following examples:
192.168.1.2/32
192.168.1.3/32
192.168.1.7/32
192.168.1.12/32
3. If you want a killswitch to block internet to those devices if the VPN goes down, go to Commands, add a line for each device again, and save as firewall, like these examples:
iptables -I FORWARD -s 192.168.1.2 -o $(nvram get wan_iface) -j REJECT
iptables -I FORWARD -s 192.168.1.3 -o $(nvram get wan_iface) -j REJECT
iptables -I FORWARD -s 192.168.1.7 -o $(nvram get wan_iface) -j REJECT
iptables -I FORWARD -s 192.168.1.12 -o $(nvram get wan_iface) -j REJECT

Reboot and try it out.
Thorvindr
DD-WRT Novice


Joined: 25 Apr 2018
Posts: 3

Posted: Wed Apr 25, 2018 17:37    Post subject:
Thanks! That seems like everything I need. I'll give it a try tonight and see if it eases my woes. I already use static IP addresses with every device that lives in my house, so time saved there.

So this will mean that anything that doesn't have a specific rule will NOT get routed through the VPN? That should be adequate but is there a way I can do the opposite? So have the default behavior be "route everything through the VPN" but have rules that say "but not this specific device."
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5136
Location: Akershus, Norway

Posted: Wed Apr 25, 2018 18:32    Post subject:
That cannot be done, but you can put a range in the PBR.

192.168.1.32/26
192.168.1.64/26
192.168.1.128/24

will put everything between 32-255 through the tunnel.
Thorvindr
DD-WRT Novice


Joined: 25 Apr 2018
Posts: 3

Posted: Wed Apr 25, 2018 19:05    Post subject:
Ah! I can make rules for all the devices that live here and need the VPN, and also make a rule for a separate address range. Then I can tell it to assign addresses within that range to any device that doesn't already have a static address.

Right?
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5136
Location: Akershus, Norway

Posted: Wed Apr 25, 2018 20:25    Post subject:
Yes.

Make a DHCP scope 192.168.1.32-255

All DHCP clients will be routed through the VPN. Use static leases or static addresses below 32 for non VPN routed clients.
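
Added example (not part of any post in this thread, and not DD-WRT code): a Python check, using the standard ipaddress module, of a Policy Based Routing list against the address range that is meant to go through the tunnel. The function names and the 192.168.1.0/24 LAN are assumptions, as is the premise that entries are matched with standard CIDR masking.

```python
import ipaddress

def cidrs_for_range(first, last):
    """Smallest list of aligned CIDR blocks covering first..last inclusive."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]

def audit_pbr(entries, first, last, lan="192.168.1.0/24"):
    """Compare PBR entries with the intended VPN range inside the LAN.

    Returns (misaligned, unintended, missed):
      misaligned - entries whose address has host bits set for its prefix
      unintended - LAN addresses outside first..last that an entry still matches
      missed     - addresses inside first..last that no entry matches
                   (these would bypass the tunnel)
    """
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    nets, misaligned = [], []
    for entry in entries:
        try:
            nets.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            misaligned.append(entry)
            # Assumption: matching masks off host bits (standard CIDR semantics).
            nets.append(ipaddress.ip_network(entry, strict=False))
    unintended, missed = [], []
    for addr in ipaddress.ip_network(lan):
        matched = any(addr in n for n in nets)
        wanted = lo <= addr <= hi
        if matched and not wanted:
            unintended.append(str(addr))
        elif wanted and not matched:
            missed.append(str(addr))
    return misaligned, unintended, missed

# Entries as listed in the thread for the range 32-255.
THREAD_ENTRIES = ["192.168.1.32/26", "192.168.1.64/26", "192.168.1.128/24"]

if __name__ == "__main__":
    first, last = "192.168.1.32", "192.168.1.255"
    print("aligned blocks:", cidrs_for_range(first, last))
    bad, extra, gaps = audit_pbr(THREAD_ENTRIES, first, last)
    print("misaligned entries:", bad)
    print("addresses matched outside the range:", len(extra))
    print("addresses in the range left unmatched:", len(gaps))
```

A non-empty `missed` list is the case to watch, since those addresses would reach the WAN directly unless a kill-switch rule also covers them.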