Joined: 18 Sep 2010
|Posted: Sat Jul 25, 2020 2:44 Post subject:
|By default, all SSIDs are bridged (along w/ the wired ports of the switch) to the default bridge (br0). As such, there's no way to distinguish clients (for routing purposes) based on which SSID they used (or even if it was via a wired connection) to gain access to the system. And therefore you can't limit access of the OpenVPN client to a specific SSID.
The only way to do that would be to *remove* one of the SSIDs from the default bridge (or perhaps create a new virtual SSID), create a new bridge (e.g., br1), assign the SSID to that bridge, give the new bridge its own IP network (e.g., 192.168.2.0/24), and then configure PBR (policy based routing) in the OpenVPN client w/ that IP network.
IOW, you *indirectly* associate a given SSID w/ the OpenVPN network by making sure that that SSID has its own IP network, separate from any other networks, and use that in the PBR field.
Note, some ppl like to use a second "VPN router" to achieve the same results. They daisy-chain a second router to the primary router (WAN to LAN, respectively) and assign the second router a different IP network (e.g., 192.168.2.0/24). Now when you configure and connect the OpenVPN client on that second router, any clients of that router are routed over the VPN.
DD-WRT: DNS Leak Detection w/ VPNs (updated 6/5/19)