Request: Can VPN <Rules for routing client traffic> be MAC based instead of IP based?

VPN Rules for routing client traffic: MAC or IP based?

  • I prefer IP based

    Votes: 0 0.0%

  • Total voters
    4

PhilipJD

New Around Here
Feature Request: Can VPN <Rules for routing client traffic> be MAC based instead of IP based?

For the routing to work I need to give all the devices I don't want to tunnel a static IP.
This means I need to give 2 TVs, a media player, 4 phones, 2 iPads & most importantly a work laptop a static IP.
Why not tunnel those devices you ask?

- Work laptop connects via work VPN, corporate sees my already tunneled connection as possible hacker. I don't have admin rights on the work laptop so I'm blocked from changing IP from DHCP to static.
- Two kids' iPads and 2 TVs are used to view Netflix; should not be tunneled. The kids' iPads go everywhere (family, friends, restaurants), very time consuming to constantly change from DHCP to static at home.

MAC based routing for VPN is way more robust, please implement it.
Another way to get the same result would be an option to set Default traffic VPN/WAN so that I could direct all traffic to WAN and only specific IPs over VPN.
 
Have you read README-Merlin.txt?
 
Yes I have, and no, I have no desire to do the whole VPN configuration with scripts (which would only provide me with the only-to-be-VPN-ed-IPs workaround).

I posted the request because the easy-to-use user interface is so close to my desired solution.
 
Can VPN <Rules for routing client traffic> be MAC based instead of IP based?

It can't. TCP/IP routing is based on IPs, not lower-level MACs. Linux's routing database has no concept of MACs.
 
Thank you for the quick reply. That's too bad. I guess having logic in the firmware to have the routing MAC based and translating that to the current IPs using the router client table would be a little far-fetched. I will look into the manual scripting solution.
 
Another way to get the same result would be an option to set Default traffic VPN/WAN so that I could direct all traffic to WAN and only specific IPs over VPN.
Uhhh....that's the way it works. If you enable Policy based routing, the default is that all traffic is directed via the WAN. You then add the individual clients you want to use the VPN. (Or conversely, you can add a rule in CIDR format to direct all traffic to the VPN, and then add exceptions to be directed via WAN).
 
I'm currently doing exactly what you are requesting, and all through the GUI.
All my devices are set to use DHCP, but I've added static mappings in the DHCP server which ensures that specific MAC addresses are always given the same IP address over DHCP.

My LAN uses 192.168.0.x for the IP addressing scheme, and I've got the following set in the policy based routing table:

Description   Source IP        Destination IP   Interface
Other Hosts   192.168.0.0/24   0.0.0.0          VPN
Work Laptop   192.168.0.10     0.0.0.0          WAN
iPad          192.168.0.20     0.0.0.0          WAN
iPhone        192.168.0.30     0.0.0.0          WAN

This setup works perfectly, and ensures that my daughter's iPad and iPhone use the WAN, as does my work laptop (which has the same VPN issue as you).

I believe this is precisely what John is describing in his post above.
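
The setup in the last post, modelled as an added example (not code from the thread or from the firmware): a static DHCP mapping turns a MAC into a fixed IP, and the policy rows then pick the interface for that IP. The MAC addresses, the function names and the evaluation order (WAN rows checked before VPN rows) are assumptions; the IPs and rows are the ones in the table above.

```python
import ipaddress

# Constructed static DHCP mappings (MAC -> reserved IP). The MACs are made up
# (RFC 7042 documentation range); the IPs are the ones in the post's table.
STATIC_LEASES = {
    "00:00:5e:00:53:10": "192.168.0.10",  # Work Laptop
    "00:00:5e:00:53:20": "192.168.0.20",  # iPad
    "00:00:5e:00:53:30": "192.168.0.30",  # iPhone
}

# Policy rows from the post: (description, source IP or CIDR, interface).
POLICY = [
    ("Other Hosts", "192.168.0.0/24", "VPN"),
    ("Work Laptop", "192.168.0.10", "WAN"),
    ("iPad", "192.168.0.20", "WAN"),
    ("iPhone", "192.168.0.30", "WAN"),
]

def normalize_mac(mac):
    """Accept AA-BB-.. or aa:bb:.. and return the lower-case colon form."""
    digits = mac.replace("-", "").replace(":", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def interface_for_ip(ip, policy=POLICY):
    """Pick the interface for a source IP. Assumption: WAN rows are checked
    before VPN rows, so a WAN exception wins over a broader VPN row."""
    addr = ipaddress.ip_address(ip)
    for wanted in ("WAN", "VPN"):
        for _desc, source, iface in policy:
            if iface == wanted and addr in ipaddress.ip_network(source):
                return iface
    return "WAN"  # no row matched: the post says unmatched traffic uses the WAN

def interface_for_mac(mac, pool_ip, leases=STATIC_LEASES, policy=POLICY):
    """Resolve a MAC to its reserved IP, or to pool_ip (the dynamic address
    it would be handed) when no mapping exists, then apply the policy."""
    ip = leases.get(normalize_mac(mac), pool_ip)
    return ip, interface_for_ip(ip, policy)

def rows_without_reservation(policy=POLICY, leases=STATIC_LEASES):
    """Single-host rows whose IP is not pinned to a MAC: such a row applies
    to whichever device currently holds that address."""
    reserved = set(leases.values())
    nets = [(desc, ipaddress.ip_network(src)) for desc, src, _ in policy]
    return [d for d, n in nets
            if n.num_addresses == 1 and str(n.network_address) not in reserved]
```

A device that presents a MAC the DHCP server has no mapping for (a new device, or one using a randomized private address) gets a pool address, matches only the "Other Hosts" row and goes out over the VPN.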
 
