Question Change Router VPN connection based on Local IP

iranon

So, I work from home and I'm looking to set up a VPN on my router. My work computer connects to a company VPN on its own.

What I'm looking for is a way to configure a router so that it connects only certain hosts to a VPN client connection but not others.

Any suggestions about software to be used for this are welcome. I'm tech-savvy enough to flash my own hardware and SSH into a machine to perform manual configurations; I just don't really know where to start with something like this.

Right now I do have a Raspberry Pi that I run with Pi-hole and that is configured to be my router's DNS and DHCP server. If there's a way that I could use that to run the VPN connection, that would be even better.

Thanks!
 

SamirD

If you're running 2x VPNs on the same network, you may run into issues.

What you're wanting is a selective 'split tunnel' VPN client, but I don't think the built-in ones on routers can behave that way. I know you can do this with software clients like the Shrew Soft one.

I don't know if a Pi can be a VPN endpoint or not. If they have the ability to run OpenVPN, then maybe, but performance wouldn't be great.
 

mv2devnull

> What I'm looking for is a way to configure a router so that it connects only certain hosts to a VPN client connection but not others.

I'd say that the topic is "routing".

A typical "roadwarrior" VPN connection has explicit routes that the VPN client needs to talk with the VPN server, and a default route via the VPN tunnel.
For example, you connect to your company and then all other traffic goes via the tunnel, via your company, even to the rest of the Internet. Since your traffic appears to come from the company server, your PC is no different from PCs in the office.

If the VPN connection is configured to not change the default route on start, but only adds an explicit route to the office subnet via the tunnel, then your PC talks with the office via the tunnel and with everyone else directly, without the VPN. (There could be additional routes via the VPN.)


However, I guess the "only certain hosts" means machines in your home subnet? Rather than making the routing decision based on destination (e.g. to office printer via VPN; to AT Forum via public route), you want to route based on source too (e.g. "from my PC" => choose by destination; "from TV to anywhere" => always via public).

That is called policy-based routing (in Linux). Can your router be set up to do that? No idea.


If you have good control of your DHCP server, then it could give different static routes for each client so that your PC would send "to office subnet" to your VPN client server and the rest to the router, while the TV would have no additional routes -- just the (via router) default. If the VPN client is not the same as the router, then no policy-based routing is required.
 
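Added example, not part of mv2devnull's post or any other reply in this thread: one way the source-based policy routing described above can be expressed on a Linux router with iproute2. The tunnel interface `tun0`, table number 100 and the 192.168.1.x host addresses are assumptions; the function prints the commands rather than running them.

```shell
#!/bin/sh
# Added example: per-source policy routing on a Linux router (iproute2).
# Assumed values, not from the thread: tun0, table 100, the 192.168.1.x hosts.

# Succeed only if $1 is a dotted-quad IPv4 address with octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the iproute2 commands that route traffic FROM the listed hosts through
# the tunnel; all other LAN hosts keep using the main table's default route.
# usage: pbr_commands <tunnel-if> <table-id> <host-ip>...
pbr_commands() {
    tun=$1; table=$2; shift 2
    # Validate everything first so a bad address produces no partial output.
    for host in "$@"; do
        is_ipv4 "$host" || { echo "invalid host address: $host" >&2; return 1; }
    done
    # The dedicated table's default route points into the VPN tunnel.
    echo "ip route replace default dev $tun table $table"
    # If the tunnel drops, its route vanishes and this higher-metric entry
    # rejects the traffic instead of letting it leave via the ISP.
    echo "ip route replace unreachable default metric 1000 table $table"
    for host in "$@"; do
        # Packets whose source address is this host consult the VPN table.
        echo "ip rule add from $host/32 lookup $table priority 1000"
    done
}

# Constructed sample: a work PC and a laptop use the VPN, the TV does not.
pbr_commands tun0 100 192.168.1.50 192.168.1.51
```

Run the printed commands as root on the router, and re-add the tunnel default route whenever the VPN client reconnects. Traffic leaving the tunnel usually also needs source NAT on that interface.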

VirtualLarry

Later Shibby, and now FreshTomato builds, support multi-WAN with policy-based routing.

If you were to set up two routers, one ISP router, and one with a VPN configured, then you could set up a third Tomato-based multi-WAN router, connect one WAN to the ISP router, and one WAN to the VPN client router (whose WAN port would plug into a LAN port on the ISP router as well), then you could use PBR on the inner-most router.
 

mxnerd
