Question / Help With PBR?

gil_happy
DD-WRT User


Joined: 24 Sep 2009
Posts: 139

Posted: Fri Sep 23, 2022 13:48    Post subject: Question / Help With PBR?
Hello,

I previously had help on this forum setting up a VPN connection between 2 locations using a couple of Linksys WRT-1900 routers as the OpenVPN client and another WRT-1900 as the OpenVPN server. Now I want to attempt PBR (policy based routing). Here is my reason - right now most of my devices in PH2 connect to the primary home router (192.168.0.1) and go out to the internet. Then, I have 2 devices that always connect to the OpenVPN client router (192.168.0.60) in PH2 and all their traffic connects back to PH1.

I am now thinking about connecting 'all' devices in PH2 to the primary router (192.168.0.1). Then, we can either implement PBR in two different ways (I think):

- we can either say that any device on 192.168.0.1 that tries to access a specific IP / URL, then send the traffic over the VPN client router (192.168.0.60). If that device accesses any other URL or IP, stay on the 192.168.0.1 router and go out the internet.

- or, I can provide the MAC addresses of the two spec clients that when those devices attempt to access a specific URL / IP while on the 192.168.0.1 router, they connect back to the OpenVPN Server in PH1.

I performed a tcpdump on the 192.168.0.60 router to determine the public IP address / URL I want the PBR to apply to. Based upon my existing working setup, I'm not sure if the above PBR is possible? I see there is a section in the DDWRT OpenVPN Client setup guide v16, but I think this is slightly different.

Note: I currently have some PBR configured on 192.168.0.1 for a VPN_SSID that I created on 192.168.0.1 (https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=323957&highlight=)

Thanks
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Sat Sep 24, 2022 7:24
It looks like you want to set up Policy Based Routing on the ISP router 192.168.0.1.

If there is a command line and support for iptables and permanent storage you might set it up manually:
https://wiki.dd-wrt.com/wiki/index.php/Policy_Based_Routing

OR use and rework one of @eibgrad's PBR scripts (ddwrt-ovpn-split): https://pastebin.com/u/eibgrad

I would replace the ISP router with your DDWRT router, as that has built-in PBR in the VPN client, both source and destination based.

_________________
Routers: Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3, XR300: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
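
The two options from the question, written as manual `ip rule` / `iptables` commands for the primary router (an added example, not code from the thread, the linked wiki or the linked scripts). Table 100, mark 0x1, the bridge name br0, the destination 203.0.113.10 and the MAC address are assumed or constructed values; the script validates its input and only prints the commands for review.

```sh
#!/bin/sh
# Added example, not from the thread. Prints the commands instead of running
# them. Assumed values: table 100, fwmark 0x1, LAN bridge br0.
VPN_GW="192.168.0.60"   # OpenVPN client router on the LAN (from the thread)
LAN_IF="br0"            # assumption: LAN bridge name on the primary router
TABLE=100               # assumption: unused routing table number
MARK="0x1"              # assumption: unused firewall mark

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Accept only a 17-character colon-separated MAC address.
is_mac() {
    [ "${#1}" -eq 17 ] && printf '%s\n' "$1" | grep -Eqx '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}'
}

# Usage: pbr_commands DEST_IP [CLIENT_MAC ...]
# No MACs: every LAN device reaches DEST_IP through the VPN router (first
# option in the question). With MACs: only those clients do (second option).
pbr_commands() {
    dest=$1; shift
    is_ipv4 "$dest" || { echo "bad destination: $dest" >&2; return 1; }
    for mac in "$@"; do
        is_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    echo "ip route add default via $VPN_GW dev $LAN_IF table $TABLE"
    if [ "$#" -eq 0 ]; then
        echo "ip rule add to $dest table $TABLE"
        return 0
    fi
    for mac in "$@"; do
        echo "iptables -t mangle -A PREROUTING -i $LAN_IF -m mac --mac-source $mac -d $dest -j MARK --set-mark $MARK"
    done
    echo "ip rule add fwmark $MARK table $TABLE"
}

# Constructed sample: documentation-range destination and a made-up client MAC.
pbr_commands 203.0.113.10 AA:BB:CC:00:11:22
```

Rules and routes added this way do not survive a reboot unless they are saved to the router's startup or firewall script.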
gil_happy
DD-WRT User


Joined: 24 Sep 2009
Posts: 139

Posted: Mon Sep 26, 2022 13:22
Thanks for this.... I'll take a look at this over the next week.
gil_happy
DD-WRT User


Joined: 24 Sep 2009
Posts: 139

Posted: Wed Oct 05, 2022 20:03
egc wrote:
It looks like you want to set up Policy Based Routing on the ISP router 192.168.0.1.

If there is a command line and support for iptables and permanent storage you might set it up manually:
https://wiki.dd-wrt.com/wiki/index.php/Policy_Based_Routing

OR use and rework one of @eibgrad's PBR scripts (ddwrt-ovpn-split): https://pastebin.com/u/eibgrad

I would replace the ISP router with your DDWRT router, as that has built-in PBR in the VPN client, both source and destination based.


Sorry, I should have stated that the routers in my diagram are all DD-WRT (I missed that in your reply).
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Wed Oct 05, 2022 20:19
Then it is very simple: set the OpenVPN up at the internet-connected router and set up the other router as a WAP (wireless access point).