IPSEC and OpenVPN simultaneously

[thebatfink]

Hi, I currently have an AC68U and would really like IPSEC for my Apple devices when I’m away from home. I realise this riuter isn’t yet supported but is the AC86U currently the best option or is there a better specced Asus router?

My other question is I have an OpenVPN client on my router which a device on my hetwork has all its traffic routed through which works very well. Is it possible to have my Apple device connect in to the router via IPSEC and then have its external requests go through the OpenVPN client instead of default WAN connection? How would I achieve that?

Apple device IPSEC client -> Merlin IPSEC server -> Merlin OpenVPN client -> External OpenVPN server -> Internet

Thanks!

 

[thebatfink]

Have I asked a really dumb question or is it glaringly obvious how to achieve? I’m admittedly not even amateur when it comes to networking. I had a scout about on the wiki and tried a few searches here but wasn’t able to answer myself. I did get the AC86 and ipsec is working well. But would really like to push my connected ipsec clients through the openvpn client if possible.

Thanks

 

[JacquesR]

I'm an amateur, but it seems relatively straightforward, unless I'm missing something. You set up your OVPN server on Merlin to redirect all traffic. Now, any outgoing requests from your router should connect to your external OVPN server.

Once you've done that, whether you're on the LAN or connecting devices via IPsec (or OVPN) to your router, they come in via one set of protocols, and connect to the Internet via another.

On your first question, I can't compare as I've only used the 68U (which doesn't have IPsec) and the 86U. The 86U is performing well when I connect to it via IPsec - I'm consistently getting around a 1/3 of my line-speed (100 Mbps).

 

[thebatfink]

Hi, thanks for the reply.

Actually I don’t want to forward all traffic through the OpenVPN. I have just one computer on the network going through there, the rest of local machines go directly to WAN.

I’d hoped that I could preassign an IP to my IPsec connections and then just route those IP’s through OpenVPN but there seems no option for specifying an IPsec account to a specific IP.. Not that I can see anyway.

 

[JacquesR]

Hi, thanks for the reply.

Actually I don’t want to forward all traffic through the OpenVPN. I have just one computer on the network going through there, the rest of local machines go directly to WAN.

I’d hoped that I could preassign an IP to my IPsec connections and then just route those IP’s through OpenVPN but there seems no option for specifying an IPsec account to a specific IP.. Not that I can see anyway.

There is selective routing for OVPN in Asus-Merlin. So, while you might (I don't know) not be able to pre-assign an IP for the IPsec connection, you could connect, see what the IP is, and then add it to the OVPN selective routing list. But this might be more trouble than it's worth...