Network isolation seemingly not working

daniello
DD-WRT Novice


Joined: 03 Jul 2015
Posts: 48

Posted: Sun Jan 14, 2018 16:13
Thanks for the typo .. will gladly wait for your final feedback :)

BTW either you misread the IPs or I don't understand why the router should be at 2.1.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12877
Location: Netherlands

Posted: Wed Jan 17, 2018 10:07
egc wrote:
I just had a quick look but will later on have a more thorough look.
Two things:
Your firewall rule is missing just the letter i; it should be
Code:
-i ath0.1
to specify the in-interface

And you must not use the router's own IP address in the PBR field, so do not use 192.168.2.0/24 because that includes the router at 192.168.2.1
(Actually I am not sure about this; it could work because the router itself also sits on 192.168.1.1 and that is not in the PBR field)


Other than the above I do not see any other apparent misconfiguration. When I mentioned the router sits at 192.168.2.1 I meant the DHCP server of ath0.1; your router is of course at 192.168.1.1.
That said, it is perhaps a good idea that you must not include the 192.168.2.1 address in the PBR range and of course insert the missing -i in the firewall.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
daniello
DD-WRT Novice


Joined: 03 Jul 2015
Posts: 48

Posted: Wed Jan 17, 2018 11:30
Thanks egc, the -i is corrected but has no impact on my VPN testing. My first PBR try included just the IPs from 100-150 in both networks .. so that test case is already covered.
I will probably have to deal with more complex rules to facilitate this segmentation .. haven't come up with a simple idea yet. Ultimately an option would be to use a non vpn wifi access point for devices that shouldn't route through VPN.
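
The PBR ranges discussed in the two posts above, as an added example (not code from either poster or from DD-WRT): a Python sketch that checks whether a PBR entry covers a router address, lists CIDR entries for 192.168.2.0/24 without 192.168.2.1, and converts the 100-150 client range into CIDR entries. It assumes the PBR field takes one CIDR entry per line; the function names are hypothetical.

```python
import ipaddress

# Router addresses named in the thread (main LAN and the ath0.1 gateway).
ROUTER_IPS = ["192.168.1.1", "192.168.2.1"]


def entries_covering(entries, addresses):
    """Return (entry, address) pairs where a PBR entry contains a listed address."""
    return [(e, a) for e in entries for a in addresses
            if ipaddress.ip_address(a) in ipaddress.ip_network(e)]


def exclude_addresses(subnet, excluded_ips):
    """CIDR entries covering `subnet` except each address in `excluded_ips`."""
    nets = [ipaddress.ip_network(subnet)]
    for ip in excluded_ips:
        host = ipaddress.ip_network(ip)  # a bare address becomes a /32 network
        remaining = []
        for net in nets:
            if host.subnet_of(net):
                # Split `net` into the smaller blocks that do not contain `host`.
                remaining.extend(net.address_exclude(host))
            else:
                remaining.append(net)
        nets = remaining
    return [str(n) for n in sorted(nets)]


def range_entries(first, last):
    """CIDR entries covering exactly the inclusive address range first..last."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))]


if __name__ == "__main__":
    # The whole /24 covers the ath0.1 gateway address.
    print("overlap:", entries_covering(["192.168.2.0/24"], ROUTER_IPS))
    print("subnet without router addresses:")
    for line in exclude_addresses("192.168.2.0/24", ROUTER_IPS):
        print(" ", line)
    print("clients 100-150 only:")
    for line in range_entries("192.168.2.100", "192.168.2.150"):
        print(" ", line)
```
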
daniello
DD-WRT Novice


Joined: 03 Jul 2015
Posts: 48

Posted: Sat Feb 03, 2018 11:08
OpenVPN conditional routing with two subnets works as of 2018-31-01-r34777 (unless something new breaks it)

Edit: Well .. things work differently now but they don't really work well. Blocking LAN only for VAP worked before and doesn't now (neither WAP nor VAP can access LAN). Conditional routing for two subnets broke the internet for WAP and VAP .. now at least one works.

I will update this when I have new findings.