Menu
What's new
By:
Filters Better Search

Help routing VPN to LAN Port

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

O

ooklathemok

New Around Here
I have seen the question in the forum a few times, but no answers as I search. So, it's either incredibly easy and I am missing something or not possible?

My desired setup is this:
RT-AC68U as the main router.
My Apple Airport Extreme Base Station in bridge mode as VPN.

This way, I can switch SSIDs on devices to be on my ISP or VPN. It seems backwards because the locked down Airport cannot use a VPN, but I just got the RT AC68U and trust it to manage the internet better.

OpenVPN is setup with GUI and working currently but how do I get the ASUSwrt to route the VPN to only a single LAN port? Assuming I will have to use jffs and iptables but I am a bit lost. Perhaps combining info in the selective routing thread and using the info from this thread about the ports would be a good place to start?

Or does anyone have a suggestion for better search terms? Sorry for being so green. Just opened the box today and installed RMerlin's firmware. Previously I had an old Buffalo router with DD-WRT running my VPN.
 
tutorials for learning iptables

Well, obviously I am a total leech just showing up here and asking for help. So it's time to back the train up and start from the beginning. I've found two sites to help me learn iptables:

http://artoflinux.blogspot.ca/2008/07/iptables-tutorial-for-beginners.html

http://www.garron.me/en/linux/iptables-manual.html

I guess I'll start here. I'm not entirely sure how to single out the ethernet ports on the back of the router but that's getting way ahead of myself. Maybe it's not even possible? Have a great weekend.
 
Using sinshiva's post, I think I see how to single out the ehternet LAN port on the back of the ASUS router and assign it to a vlan.

From the system logs and other posts here, I see that my OpenVPN connection is tun11.

Now, I just need to figure out a rule or filter to send the VPN to a vlan. Though, I am uncertain what happens to the rest of the traffic. Using sinshiva's method above, creating vlan 1 and vlan 4, I suppose I would need a rule for vlan 1 as well.
 
Maybe possible. Try Google this, "iptables acts on routing, while ebtables acts on switching"

1. Use robocfg to reconfigure the VLANs of your router. Example: How to move the Ethernet LAN port#4 from VLAN1 to a new VLAN, named 'VLAN10'.

/jffs/scripts/firewall-start
Code: 
robocfg vlan 1 ports "1 2 3 5t"
robocfg vlan 10 ports "4 5t"
vconfig add eth0 10
ifconfig vlan10 up
brctl addif br0 vlan10
# TODO: add ebtables rules here

2. Now use ebtables to handle the switching. See I did something different, but I think it's the same idea.
Force LAN port 4 to use the Guest network for Asus/merlin RT-AC68U
http://www.smallnetbuilder.com/forums/showthread.php?t=18969
 
Thank you so much. I had a link to your thread as well. :)
And thank you for the search suggestion. I am starting to understand the scripts I am reading here, but I didn't know the difference between ebtables and iptables. Obviously, I have more learning to do.

Asuswrt-Merlin seems pretty great so I want to take advantage of it to manage my home. Currently, I have it behind the Airport Extreme Base Station which is woefully locked down. However, I suppose this will allow me to experiment with these scripts and still have internet.
 
Traffic to VPN

ooklathemok said:
My desired setup is this:
RT-AC68U as the main router.
My Apple Airport Extreme Base Station in bridge mode as VPN.
Click to expand...

Do you mean having the AC68U connected to ISP and also having a VPN tunnel, with the Airport router bridged behind it? and you want all devices connected to the Airport to route through the VPN?

If so, I would do the following (using the selective routing thread):

On the 68U, add a selective route to direct all traffic to the VPN for the IP assigned to the WAN port of the Airport router (make it a static IP).

If the above route alone doesn't work, then add another selective route for the subnet used in the Airport router.

I figure in this scenario, you have to use the Airport in AP mode, and if available, disable NAT on it.

Good luck!
 
You must log in or register to reply here.

Similar threads

P
Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware
Replies
9
Views
228
eibgrad
eibgrad
O
PI hole + unbound + domain vpn routing
Replies
10
Views
673
OBENZ
O
CaptnDanLKW
VPN Stays connected but Stops Routing after DoH Change
Replies
2
Views
398
eibgrad
eibgrad
K
DomainVPNRouting Domain VPN Routing help
Replies
4
Views
384
js28194
J
R
ASUS RT-AX86 Open VPN No LAN Access
Replies
18
Views
1K
Celo
C
Similar threads
Thread starter Title Forum Replies Date
G [Help] Routing VPN server through VPN client (external VPN Provider) Asuswrt-Merlin 14
el_pedr0 Please help me diagnose knotty routing problem Asuswrt-Merlin 4
T [Help] Problems setting up OpenVPN Asuswrt-Merlin 7
staralfur12 Need help with Namecheap -> Router -> Caddy Asuswrt-Merlin 10
P Asus aimesh node disconnects frequently, corresponding log entries recorded. Need help understanding the log. Asuswrt-Merlin 5
V Asus RT-AX3000 Help Asuswrt-Merlin 5
StrikerXXX Need help configuring NextDNS Asuswrt-Merlin 14
L ASUS RT-AX5400 Help Asuswrt-Merlin 1
Sunny786 Help Needed: Configuring OpenVPN Server and Instant Guard on Asus GT-AX11000 with Technicolor CobraXh Modem Router Asuswrt-Merlin 11
J Help/advice needed for accessing GT-AX11000 SMB shares from WSL Asuswrt-Merlin 6

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 660 (members: 13, guests: 647)
Top