NordVPN on router-allow/restrict clients from using the VPN

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
raduoctavian
DD-WRT Novice


Joined: 04 Jun 2021
Posts: 35

PostPosted: Thu Jun 24, 2021 11:56    Post subject: NordVPN on router-allow/restrict clients from using the VPN Reply with quote
Hi everyone,

I'm thinking of getting and setting up NordVPN on my Netgear R7000 router.

I do need, however, to allow most of the connected clients to use NordVPN but a few to not use it.

The thing is that connected to the router I have a TP-Link M5 Deco with a total of 3 decos in my house.

With a couple of exceptions, all the devices in my house are connected to the Deco's network over Wi-fi or cable.

I've attached a screenshot with the clients and how they look like on the router.

If NordVPN is being set up on the router then the Decos will also take over the VPN configuration, right?

My question is: how can I set up on the router a way in which a few of the devices connected to the Internet will NOT use the VPN?

Thank you!
Radu
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Thu Jun 24, 2021 15:01    Post subject: Reply with quote
I am assuming the Deco's are all repeaters so that you have one subnet and all clients get their DHCP from the DDWRT router.

On the DDWRT router set DHCP start at .64 for maximum 64 clients

I am assuming the router is 192.168.1.1

In the OpenVPN PBR field enter:
192.168.1.64/26

that means everything getting its DHCP from the router is now using the the VPN other clients (which use a static lease or static IP outside 64-127) are not.

If you have static leases or IP addresses you want to use the VPN set those from .128 - 191
and add in the PBR field:
192.168.1.128/26

If you want clients not to use the VPN give those a static lease IP address below .64

It is all explained in the PBR guide.

Afterwards you have probably to deal with DNS setting.

By default all clients use the same DNS and in recent builds, when using PBR, the DNS is usually routed via the VPN tunnel.

Non VPN clients can have difficulty with this (Amazon, Netflix etc)

But that is all explained in the DNS problems guide Smile

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
raduoctavian
DD-WRT Novice


Joined: 04 Jun 2021
Posts: 35

PostPosted: Thu Jun 24, 2021 17:20    Post subject: Reply with quote
egc wrote:
I am assuming the Deco's are all repeaters so that you have one subnet and all clients get their DHCP from the DDWRT router.

On the DDWRT router set DHCP start at .64 for maximum 64 clients

I am assuming the router is 192.168.1.1

In the OpenVPN PBR field enter:
192.168.1.64/26

that means everything getting its DHCP from the router is now using the the VPN other clients (which use a static lease or static IP outside 64-127) are not.

If you have static leases or IP addresses you want to use the VPN set those from .128 - 191
and add in the PBR field:
192.168.1.128/26

If you want clients not to use the VPN give those a static lease IP address below .64

It is all explained in the PBR guide.

Afterwards you have probably to deal with DNS setting.

By default all clients use the same DNS and in recent builds, when using PBR, the DNS is usually routed via the VPN tunnel.

Non VPN clients can have difficulty with this (Amazon, Netflix etc)

But that is all explained in the DNS problems guide Smile


Hello egc,

Thanks for the reply!

This is pretty advanced stuff for me but I'll do my best to go through the guide and follow your instructions.

I'll most definitely get back with more questions but hopefully some results too Smile

Thanks!
Radu
raduoctavian
DD-WRT Novice


Joined: 04 Jun 2021
Posts: 35

PostPosted: Wed Jul 07, 2021 7:57    Post subject: Reply with quote
Hi again,

So I've finally got some time on my hands to read through this stuff. I've also consulted the guide I've got here https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686 and downloaded "DDWRT Policy Based Routing guide 1.14.pdf".

BUT - the first thing I saw was that I saw no Policy Based Routing field on my router. In other words, under Services - VPN - OpenVPN Client (Enable) I have nothing of a sort. I'm attaching a screenshot. I'm on Firmware: DD-WRT v3.0-r46949 std (06/13/21).

Am I not where I'm supposed to be?

Thanks,
Radu
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Wed Jul 07, 2021 8:10    Post subject: Reply with quote
Have a close look at the pictures in the guide.
Notice the setting of the Advanced Options button Smile

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
raduoctavian
DD-WRT Novice


Joined: 04 Jun 2021
Posts: 35

PostPosted: Wed Jul 07, 2021 8:28    Post subject: Reply with quote
egc wrote:
Have a close look at the pictures in the guide.
Notice the setting of the Advanced Options button Smile


Oh, right.. didn't catch that at first. Thank you egc Smile

Please tell me if I understood this right: after I proceed with the NordVPN's steps on setting the VPN on the router I can use this PBR. I see there's one way for defining that you want X specific addresses to to through the VPN (and have WAN as default) or the other way around.

I would like to have two clients to remain on WAN and not use the VPN (these are my wife's work laptop and mine). I'm attaching a screenshot. All the others should go ahead and use the VPN.

So I could specify which hosts should just use the WAN and everything else would use the VPN, right..?

Also I'm not understanding very good the subnet mask topic.

If the two IPs in yellow should stay on WAN (so no VPN) how can I write this down?

Thanks!
Radu
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Wed Jul 07, 2021 9:41    Post subject: Reply with quote
My first post (second of this thread) basically said it all.

Give the two clients you do not want to use the VPN a static lease outside the dhcp scope which you entered in the PBR field. https://wiki.dd-wrt.com/wiki/index.php/Static_DHCP

Every (range of) IP address you entered in the PBR field will use the VPN

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum