OpenVPN for specific host(s) on LAN?

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
timg11
DD-WRT User


Joined: 22 Aug 2012
Posts: 62

PostPosted: Sat Aug 09, 2014 19:05    Post subject: OpenVPN for specific host(s) on LAN? Reply with quote
I would like to run the OpenVPN client on my DD-WRT router, and have the traffic from a specific host or hosts on my LAN go through the VPN. Traffic from the other hosts would not pass through the VPN.

I cannot install an OpenVPN client on the specific host because it is an embedded device that is not open for new software. Therefore, I would like to install the VPN client on the router. (DD-WRT v24-sp2 std-usb-nas) on Linksys E4200) The OpenVPN server would be provided by a service like IPvanish.

Is there a configuration to route only specific host's traffic through the OpenVPN tunnel?
Sponsor
gurabli
DD-WRT Novice


Joined: 18 Aug 2014
Posts: 20

PostPosted: Mon Aug 18, 2014 6:33    Post subject: Reply with quote
I'm quite a n00b, so I'm just guessing that my question is related to the OP's question.

I will receive soon my TP-Link WR1045ND v1.8 router with dd-wrt installed on it (believe the latest version).

I have two PC's connected to the router and for both I'm using openVPN with EarthVPN service. Is it possible to configure the router that only the two PC's traffic (both fixed IP on local net) are using the openVPN connection, but all the other devices connecting to the router access internet directly, not through openVPN (othe computers on LAN, and all the wifi devices)?

EDIT: to make it simple:

IP: 192.168.1.103 and 192.168.1.104 all the traffic over openVPN, and all the other assigned fixed or DHCP IP's direct access to internet.

If yes, can you please link me a tutorial for this or give me a hint how to start?

Thanks!
BasCom
DD-WRT Guru


Joined: 29 Jul 2009
Posts: 1378
Location: Germany

PostPosted: Mon Aug 18, 2014 12:44    Post subject: Reply with quote
google for: policy based routing
_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
gurabli
DD-WRT Novice


Joined: 18 Aug 2014
Posts: 20

PostPosted: Wed Aug 27, 2014 18:35    Post subject: Reply with quote
Since it is a quite advance configuration, I would like to ask for your help. I can set up openVPN client, but please help me with the policy based routing. I have red a lot about it, and there are things I'm not sure.

I would like to have only the following two ip's to go through openVPN:

192.168.1.103
192.168.1.104

All the other ip's (including GUI, 192.168.1.1) to NOT use vpn but access directly my ISP.

What should I enter into the Policy Based Routing and in what form?
I would not like to lock myself out from the router GUI, etc.

Many thanks!
timg11
DD-WRT User


Joined: 22 Aug 2012
Posts: 62

PostPosted: Wed Aug 27, 2014 19:04    Post subject: Reply with quote
BasCom, thanks for the tip. It looks complicated and will require some study to implement. But definitely possible, though.
BasCom
DD-WRT Guru


Joined: 29 Jul 2009
Posts: 1378
Location: Germany

PostPosted: Fri Aug 29, 2014 5:16    Post subject: Reply with quote
i didnt use it myself, so i cannot give you further information, but this is, what you are looking for.
_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
gurabli
DD-WRT Novice


Joined: 18 Aug 2014
Posts: 20

PostPosted: Thu Sep 18, 2014 12:04    Post subject: Reply with quote
I finally managed to configure everything and it looks like it is fully working.

I managed to configure openVPN client with the provider I have subscription.

To add only a specific device that goes through VPN connection, you need to add the ip or the range into Policy Based Routing.

So in my case:
192.168.1.103/32 and 192.168.1.104/32

Watch out for /32 If you add only a single IP address you need to put /32.

Also, forward the UDP (or TCP) port of the vpn connection to the IP you wish to use VPN (In my case 192.168.1.103 and 192.168.1.104), otherwise the firewall would block access.

This is very good, as now I can redirect traffic from all kind of devices through VPN.
Just assign a fix ip to the device, and here you go.

I hope this will help others as well!
undertoe
DD-WRT Novice


Joined: 16 Sep 2008
Posts: 4

PostPosted: Sat Sep 20, 2014 14:25    Post subject: Reply with quote
I want to do the same thing your doing except i want to send all traffic from 192.168.1.103/32 over openvpn tun1 interface except for port 80,443. Any direction on how to do that? I have found examples but can't get any to work just right.

Was trying to get this working since it seems this is exactly what i want to do but just add the source ip 192.168.1.103
http://www.linksysinfo.org/index.php?threads/route-only-specific-ports-through-vpn-openvpn.37240/
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum