Route specific IP through VPN?

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Author Message
lolcocks
DD-WRT User


Joined: 31 May 2013
Posts: 107

PostPosted: Fri Jun 21, 2019 16:30    Post subject: Route specific IP through VPN? Reply with quote
Hello,

Is it possible to route a specific IP's traffic through my VPN?

Thing is, I am under CG-NAT, and I want to access that device which is a camera NVR from outside.

Will it be possible to route all the traffic from that IP address through my VPN so that I can connect to my VPN's IP address and can access it from anywhere.

I am currently using Netgear R6400 with DD-WRT version "DD-WRT v3.0-r38580M kongac (02/05/19)".
Sponsor
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Fri Jun 21, 2019 18:16    Post subject: Reply with quote
I assume you're running your own OpenVPN *server*.

A CGNAT network IP is typically NOT routable from the internet because it uses the *private* IP network of 100.64.0.0/10, which is the functional equivalent of trying to route to 192.168.x.x (not going to happen).

Unless you can convince your ISP to provide you w/ a routable public IP, then you don't have many options. You could use a commercial OpenVPN provider that supports port forwarding, so you can tunnel back into your home network. Or perhaps configure your own OpenVPN server on a VPS, connect your OpenVPN client at home to that server, and tunnel back into your home network. I know some ppl actually do this, because they have no other viable options.

_________________
DD-WRT: DNS Leak Detection w/ VPNs (updated 6/5/19)
NEW SCRIPT!: ddwrt-mount-usb-drives.sh
NEW SCRIPT!: ddwrt-blacklist-domains.sh
NEW SCRIPT!: ddwrt-ovpn-remote-access.sh
NEW SCRIPT!: ddwrt-pptp-policy-based-routing.sh
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 3682
Location: Netherlands

PostPosted: Fri Jun 21, 2019 18:18    Post subject: Reply with quote
With policy based routing you can set which ip address you want to route through the vpn client.
In the PBR field enter the ip address of your camera and then that will be routed through the vpn.

For port forwarding through the vpn ask your vpn provider.

If you also want to view your camera from the lan you have to use @Eibgrads script to copy local routes to the alternate routing table or my PBR solution, see my signature at the bottom of this post.

Edit: my bad thought you were referring to a VPN client

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
Simple PBR (Policy Based Routing) script: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN server setup guide:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614


Last edited by egc on Fri Jun 21, 2019 18:21; edited 1 time in total
lolcocks
DD-WRT User


Joined: 31 May 2013
Posts: 107

PostPosted: Fri Jun 21, 2019 18:19    Post subject: Reply with quote
eibgrad wrote:
I assume you're running your own OpenVPN *server*.

A CGNAT network IP is typically NOT routable from the internet because it uses the *private* IP network of 100.64.0.0/10, which is the functional equivalent of trying to route to 192.168.x.x (not going to happen).

Unless you can convince your ISP to provide you w/ a routable public IP, then you don't have many options. You could use a commercial OpenVPN provider that supports port forwarding, so you can tunnel back into your home network. Or perhaps configure your own OpenVPN server on a VPS, connect your OpenVPN client at home to that server, and tunnel back into your home network. I know some ppl actually do this, because they have no other viable options.



I am running a PPTP VPN actually.

I don't want to run a VPN server on the router, I want one of my IP address to connect to the VPN.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Fri Jun 21, 2019 18:21    Post subject: Reply with quote
lolcocks wrote:
eibgrad wrote:
I assume you're running your own OpenVPN *server*.

A CGNAT network IP is typically NOT routable from the internet because it uses the *private* IP network of 100.64.0.0/10, which is the functional equivalent of trying to route to 192.168.x.x (not going to happen).

Unless you can convince your ISP to provide you w/ a routable public IP, then you don't have many options. You could use a commercial OpenVPN provider that supports port forwarding, so you can tunnel back into your home network. Or perhaps configure your own OpenVPN server on a VPS, connect your OpenVPN client at home to that server, and tunnel back into your home network. I know some ppl actually do this, because they have no other viable options.



I am running a PPTP VPN actually.

I don't want to run a VPN server on the router, I want one of my IP address to connect to the VPN.


Then as @egc suggests, you need to use PBR (policy based routing). But unlike the OpenVPN client which supports PBR in the GUI, for PPTP, you'd have to implement your own PBR.

Also, this assumes your VPN provider supports port forwarding (some do, most don't).

_________________
DD-WRT: DNS Leak Detection w/ VPNs (updated 6/5/19)
NEW SCRIPT!: ddwrt-mount-usb-drives.sh
NEW SCRIPT!: ddwrt-blacklist-domains.sh
NEW SCRIPT!: ddwrt-ovpn-remote-access.sh
NEW SCRIPT!: ddwrt-pptp-policy-based-routing.sh
lolcocks
DD-WRT User


Joined: 31 May 2013
Posts: 107

PostPosted: Fri Jun 21, 2019 18:30    Post subject: Reply with quote
eibgrad wrote:
lolcocks wrote:
eibgrad wrote:
I assume you're running your own OpenVPN *server*.

A CGNAT network IP is typically NOT routable from the internet because it uses the *private* IP network of 100.64.0.0/10, which is the functional equivalent of trying to route to 192.168.x.x (not going to happen).

Unless you can convince your ISP to provide you w/ a routable public IP, then you don't have many options. You could use a commercial OpenVPN provider that supports port forwarding, so you can tunnel back into your home network. Or perhaps configure your own OpenVPN server on a VPS, connect your OpenVPN client at home to that server, and tunnel back into your home network. I know some ppl actually do this, because they have no other viable options.



I am running a PPTP VPN actually.

I don't want to run a VPN server on the router, I want one of my IP address to connect to the VPN.


Then as @egc suggests, you need to use PBR (policy based routing). But unlike the OpenVPN client which supports PBR in the GUI, for PPTP, you'd have to implement your own PBR.

Also, this assumes your VPN provider supports port forwarding (some do, most don't).



Okay, thanks.
Yes, the VPS on which I have setup my VPN supports port forwarding.

How difficult is making my own PBR for PPTP?
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Fri Jun 21, 2019 18:40    Post subject: Reply with quote
I wrote the following script some time ago. Not even sure it works, it's been so long since I've even touched it or used the PPTP client.

https://pastebin.com/9DUMFJgN

_________________
DD-WRT: DNS Leak Detection w/ VPNs (updated 6/5/19)
NEW SCRIPT!: ddwrt-mount-usb-drives.sh
NEW SCRIPT!: ddwrt-blacklist-domains.sh
NEW SCRIPT!: ddwrt-ovpn-remote-access.sh
NEW SCRIPT!: ddwrt-pptp-policy-based-routing.sh
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum