VPN Director on ASUS AX88-U

[Svalbaard]

Hello everyone. I hope I have posted this in the right section rather than the ASUSWRT specific section.

I have just upgrade to Merlin 386.3 and am liking the VPN director functionality. On the previous versions however, every device behind my router used to be forced to go through a VPN interface. If I wanted to exclude any single device so it instead went through the standard WAN, then I'd have to turn the VPN profile off, hence forcing all devices to go then go through the WAN interface rather than the VPN interface. I could not ever seem to create a rule (that actually worked) that simply forced one device through the WAN, and everything else to go through the VPN.

Using VPN Director, it seems I'm in the same place in that to achieve this I'd need to create a separate rule for every device on my network, for every VPN interface (I generally have 3 OVPN client interfaces configured on the router) so for example I have network 10 devices I'd potentially need to create 30 rules (10 devices x 3 OVPN profiles) - and also create a specific rule also for the device that I only want to go through the WAN interface.

Notwithstanding that some of these use DHCP which means that those IP addresses might change, am I into a world of constant rule management? Also if I wanted to add a new OVPN profile then I'd also have to recreate another set of 10 or so rules.

So my question is (I guess) I there an easier way to exclude any single device to force it through the WAN, and have everything else go through the VPN interface(s)?

I hope that makes sense. If so, am I missing something obvious?

Many thanks in advance.




Sval

 

[GSpock]

... may be look to assign a static IP for the one device you want to go to WAN, and use CIDR to direct all others to VPN ....

 

[eibgrad]

I could not ever seem to create a rule (that actually worked) that simply forced one device through the WAN, and everything else to go through the VPN.

All that's required is two rules. One that routes *everything* through the VPN, and another that routes that one device over the WAN. Even though everything is routed over the VPN, the WAN rule will take precedence over the VPN rule for that one device.

192.168.1.0/24 VPN
192.168.1.100 WAN

 

[bakgwei]

To add to the question, what if I wanted to specific device (my TV) to go through a different VPN? My setting is like this, but it doesnt work - the specified device still uses VPN1:

192.168.1.0/24 VPN1
192.168.1.100 VPN2

 

[alecmascot]

You need to reverse the order !
First match is applied

 

[bakgwei]

Thanks, but that does not work unfortunately. As soon as you add a rule with an IP like xxxx/24, it will always add it to the top of the list - even when you have created a rule for a specific device before.

 

[bakgwei]

Update: I played around with it some more and also reversed the order of the VPN connections itself. I added the VPN that I wanted to use for a specific device first (VPN1), then the VPN that I want to use for all other devices (VPN2). That way it works like a charm. I guess this is what you wer trying to tell me?

My setup now looks like this, which works great:

 

[Svalbaard]

Sorry for the delay in response, but just wanted to thank you all for your help. Your combined advice worked a treat and I now have it all working as I want.

Thanks again.