Joined: 18 Mar 2014 Posts: 13279 Location: Netherlands
Posted: Thu Jun 24, 2021 15:01 Post subject:
I am assuming the Deco's are all repeaters so that you have one subnet and all clients get their DHCP from the DDWRT router.
On the DDWRT router set DHCP start at .64 for maximum 64 clients
I am assuming the router is 192.168.1.1
In the OpenVPN PBR field enter:
192.168.1.64/26
That means everything getting its DHCP from the router is now using the VPN; other clients (which use a static lease or static IP outside 64-127) are not.
If you have static leases or IP addresses you want to use the VPN set those from .128 - 191
and add in the PBR field:
192.168.1.128/26
If you want clients not to use the VPN give those a static lease IP address below .64
It is all explained in the PBR guide.
Afterwards you probably have to deal with the DNS settings.
By default all clients use the same DNS and in recent builds, when using PBR, the DNS is usually routed via the VPN tunnel.
Non VPN clients can have difficulty with this (Amazon, Netflix etc)
But that is all explained in the DNS problems guide
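An added example, not part of the post above or of the DD-WRT guide: it checks which client addresses fall inside the two PBR blocks from the post, so a lease that lands outside them (and therefore leaves over WAN instead of the VPN) is easy to spot. It also goes one step beyond the post by computing the CIDR list that covers a block minus a single host; the host names and lease addresses are constructed sample values.

```python
import ipaddress

# The two PBR entries from the post (router assumed at 192.168.1.1, as the post does).
PBR_BLOCKS = [ipaddress.ip_network(c) for c in ("192.168.1.64/26", "192.168.1.128/26")]


def route_for(ip, pbr_blocks=PBR_BLOCKS):
    """Return 'VPN' if the source IP falls in any PBR block, else 'WAN'."""
    addr = ipaddress.ip_address(ip)
    return "VPN" if any(addr in block for block in pbr_blocks) else "WAN"


def block_range(cidr):
    """First and last address covered by a CIDR block, as strings."""
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1])


def blocks_excluding(network, excluded_hosts):
    """Smallest CIDR list covering `network` minus the excluded host IPs."""
    remaining = [ipaddress.ip_network(network)]
    for host in excluded_hosts:
        host_net = ipaddress.ip_network(f"{host}/32")
        next_remaining = []
        for net in remaining:
            if host_net.subnet_of(net):
                # Split the block around the excluded host.
                next_remaining.extend(net.address_exclude(host_net))
            else:
                next_remaining.append(net)
        remaining = next_remaining
    return sorted(ipaddress.collapse_addresses(remaining))


# Constructed sample leases (hypothetical hosts, not taken from the thread).
SAMPLE_LEASES = {
    "work-laptop": "192.168.1.10",   # static lease below .64
    "phone": "192.168.1.70",         # DHCP pool .64-.127
    "nas": "192.168.1.130",          # static lease in .128-.191
    "printer": "192.168.1.200",      # static IP above .191
}

if __name__ == "__main__":
    for name, ip in SAMPLE_LEASES.items():
        print(f"{name:12} {ip:15} -> {route_for(ip)}")
    print(block_range("192.168.1.64/26"))
    for net in blocks_excluding("192.168.1.64/26", ["192.168.1.70"]):
        print(net)
```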
Hello egc,
Thanks for the reply!
This is pretty advanced stuff for me but I'll do my best to go through the guide and follow your instructions.
I'll most definitely get back with more questions but hopefully some results too
So I've finally got some time on my hands to read through this stuff. I've also consulted the guide I've got here https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686 and downloaded "DDWRT Policy Based Routing guide 1.14.pdf".
BUT - the first thing I saw was that I saw no Policy Based Routing field on my router. In other words, under Services - VPN - OpenVPN Client (Enable) I have nothing of the sort. I'm attaching a screenshot. I'm on Firmware: DD-WRT v3.0-r46949 std (06/13/21).
Have a close look at the pictures in the guide.
Notice the setting of the Advanced Options button
Oh, right.. didn't catch that at first. Thank you egc
Please tell me if I understood this right: after I proceed with the NordVPN's steps on setting the VPN on the router I can use this PBR. I see there's one way for defining that you want X specific addresses to go through the VPN (and have WAN as default) or the other way around.
I would like to have two clients to remain on WAN and not use the VPN (these are my wife's work laptop and mine). I'm attaching a screenshot. All the others should go ahead and use the VPN.
So I could specify which hosts should just use the WAN and everything else would use the VPN, right..?
Also I'm not understanding the subnet mask topic very well.
If the two IPs in yellow should stay on WAN (so no VPN) how can I write this down?