Posted: Wed Dec 22, 2021 15:38 Post subject: VPN routing issues
I managed to successfully (lots of reading, thanks everyone!) set up a VPN on my router, and managed to set a range of IPs to use the VPN, set some specific static lease IPs and those IPs not to use the VPN, BUT have run into one issue.
Before, I used Remmina to RDP from my desktop/192.168.1.122 into one of my headless computers/192.168.1.121; both set as Static Leases, and have a cidr set to:
So neither 122 nor 121 is supposed to use the VPN.
The problem is though, I now can't RDP into my headless computer? I assume maybe the CIDR but have tried a variety of ranges.
I also used @SurprisedItWorks killswitch (thanks!!!!)
The build which is advised to use is build 47900 or better 47911.
A kill switch is built in; no need to use a script, just tick/enable Kill switch.
Set your DHCP range on setup page to start at .64 for 64 clients.
Static leases must be set outside the DHCP range!
For clients with static leases you do not want to use the VPN, choose addresses below .64
For clients with static leases you do want to use the VPN, choose addresses from .128-191
In the PBR field enter for the DHCP addresses to use the VPN:
192.168.1.64/26
and for the static leases from .128-191 enter:
192.168.1.128/26
Static leases can best/easiest be set in the Additional DNSMasq options like:
dhcp-host=00:08:9B:XX:XX:XX,QNAP453,192.168.0.91,1440m
Had no idea about the killswitch feature, sweet! Thanks!
So when you say start my DHCP range at 64, that means it would be 192.168.1.64, I guess. I can totally do that but am just curious (still learning): why not start at 192.168.1.100?
As for static leases, I want most of the devices including one static lease using the vpn (a fair amount of tablets, IoT devs, etc - would be a bit of a pain to set each one?), and the remaining two static leases going straight to "clearnet".
So in sticking with the .64 and below range, if I don't set 192.168.1.64/26 then .64 and below will default to using the VPN, I think? (Sorry, this is a bit of a brain workout for me at least.)
And I set the two that I do not want to use the VPN to, say, .65 and .66 with a PBR rule of 192.168.1.128/26 ... OK, that's not right?
I guess I am getting hung up on making my setup default to everything except a very few devs to use the VPN so I don't need to set up every dev as a static address?
Posted: Fri Dec 24, 2021 22:49 Post subject:
dan95 wrote:
So when you say start my DHCP range at 64, that means it would be 192.168.1.64, I guess. I can totally do that but am just curious (still learning): why not start at 192.168.1.100?
100 is not a round binary number you can address with CIDR notation.
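
The CIDR arithmetic discussed in this thread, as an added example that is not part of any of the posts: it shows why a 64-address DHCP pool starting at .64 is one PBR entry while the same pool starting at .100 is not, and which side of the two advised PBR entries each address mentioned above falls on. The function names and the "vpn"/"no-vpn" labels are assumptions made for illustration.

```python
import ipaddress

# The two PBR entries advised in the thread: sources inside these use the VPN.
VPN_PBR = [ipaddress.ip_network(n)
           for n in ("192.168.1.64/26", "192.168.1.128/26")]


def cidr_blocks(first, last):
    """Smallest list of CIDR blocks that covers exactly first..last."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]


def block_bounds(cidr):
    """First and last address of a CIDR block, e.g. for checking a PBR entry."""
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1])


def policy_for(addr, pbr=VPN_PBR):
    """'vpn' if the source address matches a PBR entry, otherwise 'no-vpn'."""
    ip = ipaddress.ip_address(addr)
    return "vpn" if any(ip in net for net in pbr) else "no-vpn"


if __name__ == "__main__":
    # 64 clients starting at .64: a power-of-two block on its own boundary.
    print(cidr_blocks("192.168.1.64", "192.168.1.127"))
    # 64 clients starting at .100: no single block fits, several are needed.
    print(cidr_blocks("192.168.1.100", "192.168.1.163"))
    print(block_bounds("192.168.1.128/26"))
    # Addresses mentioned in the thread, checked against the advised entries.
    for host in ("192.168.1.121", "192.168.1.122", "192.168.1.65",
                 "192.168.1.10", "192.168.1.150"):
        print(host, policy_for(host))
```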