i am wondering if i can setup my router with openwrt to toggle access to vpn on and off to each device connected.
Could you explain a bit better what you seek to achieve? Maybe with an example?
Device - VPN
Phone 1 - ON/OFF
Tablet 1 - ON/OFF
PS4 - ON/OFF
Phone 2 - ON/OFF
gonna try it now, any advise on how to set it up
i would like to do something like expressvpn split tunnelling on this video
need advice on what to install and how to set it all up
Yes, you can do that with VPN PBR mentioned above.
Thank you, looking into it now. Will get back to you if i run into any problems
how do i set this up so i can switch between wan / vpn / no internet access to certain devices i.e children
do i need to set this up in a certain way
Forward in lan zone can be accept.
lan zone must be allowed to forward to vpn zone too.
wan zone must have masquerading and mss clamping ticked.
how do i create a firewall that allows no internet access
Do you mean "can VPN PBR operate with route no-pull"??? or maybe "can I set per client kill switch / fallback routes"???
"Firewall rule for no internet access" makes absolutely no sense in the context of this thread... or entirely... just remove the router and your done
Apologies for wording this wrong, i would like to setup so that i can select between vpn access, normal internet access and no internet access.
Also can i get it to setup new devices up instantly as they connect to the router
There is a drop down list for the interface to be used. If you don't want internet access, create a dummy interface that will blackhole the traffic, add a firewall zone for that too and use it as no internet
No, you need to add them there. You could add a generic rule for new devices that will cover all your lan address space and place it at the bottom of the list, something like a default option.
how do i confiq a dummy firewall
any instructions on how to set this up
Create a new interface in /etc/config/network
and assign a blackhole route for the internet.
config interface 'test'
option proto 'static'
option ipaddr '172.16.14.1'
option netmask '255.255.255.0'
option delegate '0'
option metric '240'
option ifname 'lo'
config route
option interface 'test'
option target '0.0.0.0'
option netmask '0.0.0.0'
option type 'blackhole'
disable dhcp in /etc/config/dhcp
config dhcp 'test'
option interface 'test'
option ignore '1'
Add the new interface to the wan firewall zone in /etc/config/firewall
config zone 'wan'
...
option network '... test'
You can select another name if test doesn't suit you.
It is also possible to do all these configurations from Luci under Network -> {Interfaces, Static Routes, Firewall}
one last question, how do i go about on doing this?
Can't you add the whole LAN network of yours at the bottom of the list as local address?
where does all the connected devices info get stored
If they get settings from dhcp then you can find them in /tmp/dhcp.leases
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.