Adding second WAN port just for VPN

I’d like to set up a second WAN connection to shunt all that traffic to an upstream VPN server.

As my setup is an RPi4, I can easily add another USB Ethernet adapter to have a second physical WAN port.

I am way out of my element but… If I set it up as a WAN connection, set up a VPN and bind it to that WAN connection, would it appear as 2 possible gateway IPs on my network?

Tell devices to use gateway at .1.1 for non-VPN
And to use gateway .1.2 for VPN’d traffic?

My ISP provides 2 IPs, and I run my modem in bridged mode.

You don't need a 2nd, physical, WAN port for VPN.

You can route either by providing different GWs, or by routing the traffic in your firewall.


How would you get a second gateway (without VLAN) otherwise?

Policy-bound-routing seems complicated to me in comparison.

You only need an IP that isn't the same as the primary GW.

If you reroute everything, you can route by client IP or perhaps MAC.
Or the opposite, depending on which are the fewest, VPNed or non-VPNed clients.

Perhaps DoH or DoT is enough, instead of the VPN tunnel - https://overengineer.dev/blog/2019/04/08/very-precarious-narrative.html

Maybe it would be easier to install the pbr package. With it you can regulate which device will use the ISP link or the VPN.
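
Routing by client IP, as suggested in the replies above, written out as an added example (not code from any poster in this thread or from the pbr package). It assumes full iproute2 `ip`, a tunnel interface named `wg0`, routing table `100` and constructed client addresses. It only prints the commands, and includes a fallback `unreachable` route so VPN'd clients do not leak out the ISP link when the tunnel is down.

```shell
#!/bin/sh
# Assumed values (not from the thread): tunnel interface, table id, rule priority.
VPN_IF="${VPN_IF:-wg0}"
TABLE="${TABLE:-100}"
PRIO="${PRIO:-1000}"

# Return 0 only for a plain dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# Print the iproute2 commands that send the given LAN clients through the VPN.
vpn_policy_cmds() {
    # Refuse the whole batch if any address is malformed, before printing anything.
    for client in "$@"; do
        if ! is_ipv4 "$client"; then
            echo "invalid client address: $client" >&2
            return 1
        fi
    done
    # Dedicated table: default route via the tunnel (metric 0) ...
    echo "ip route replace default dev $VPN_IF table $TABLE"
    # ... and a last-resort unreachable route. When the tunnel interface goes
    # down its route disappears and this one drops the traffic instead of
    # letting it fall through to the main table and the ISP gateway.
    echo "ip route replace unreachable default metric 65535 table $TABLE"
    # One source-based rule per VPN'd client; everyone else keeps the main table.
    for client in "$@"; do
        echo "ip rule add from $client/32 lookup $TABLE priority $PRIO"
    done
}

# Dry run with constructed client addresses.
vpn_policy_cmds 192.168.1.50 192.168.1.51
```

To apply, review the printed commands and run them as root on the router; all clients keep a single gateway address, and only the listed source IPs are steered into the tunnel.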