Hostname VPN/non-VPN toggle

I am wondering if I can set up my router with OpenWrt to toggle access to VPN on and off for each device connected.

Could you explain a bit better what you seek to achieve? Maybe with an example?

Device - VPN

Phone 1 - ON/OFF
Tablet 1 - ON/OFF
PS4 - ON/OFF
Phone 2 - ON/OFF

Try VPN PBR.

Gonna try it now, any advice on how to set it up?

I would like to do something like ExpressVPN split tunnelling on this video.

Need advice on what to install and how to set it all up.

Yes, you can do that with VPN PBR mentioned above.

Thank you, looking into it now. Will get back to you if I run into any problems.

firewall

How do I set this up so I can switch between WAN / VPN / no internet access for certain devices, i.e. children?

Do I need to set this up in a certain way?

Forward in lan zone can be accept.
lan zone must be allowed to forward to vpn zone too.
wan zone must have masquerading and mss clamping ticked.

How do I create a firewall that allows no internet access?

Do you mean "can VPN PBR operate with route no-pull"??? or maybe "can I set per client kill switch / fallback routes"???

"Firewall rule for no internet access" makes absolutely no sense in the context of this thread... or entirely... just remove the router and you're done :wink:

Apologies for wording this wrong, I would like to set it up so that I can select between VPN access, normal internet access and no internet access.
Also, can I get it to set new devices up instantly as they connect to the router?

There is a drop-down list for the interface to be used. If you don't want internet access, create a dummy interface that will blackhole the traffic, add a firewall zone for that too and use it as no internet.

No, you need to add them there. You could add a generic rule for new devices that will cover all your lan address space and place it at the bottom of the list, something like a default option.

How do I configure a dummy firewall?

Any instructions on how to set this up?

Create a new interface in /etc/config/network and assign a blackhole route for the internet.

config interface 'test'
        option proto 'static'
        option ipaddr '172.16.14.1'
        option netmask '255.255.255.0'
        option delegate '0'
        option metric '240'
        option ifname 'lo'

config route
        option interface 'test'
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option type 'blackhole'

Disable DHCP in /etc/config/dhcp

config dhcp 'test'
        option interface 'test'
        option ignore '1'

Add the new interface to the wan firewall zone in /etc/config/firewall

config zone 'wan'
...
        option network '... test'

You can select another name if test doesn't suit you.
It is also possible to do all these configurations from LuCI under Network -> {Interfaces, Static Routes, Firewall}

One last question, how do I go about doing this?

Can't you add the whole LAN network of yours at the bottom of the list as local address?

Where does all the connected devices' info get stored?

If they get settings from DHCP then you can find them in /tmp/dhcp.leases
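
The lease file and the "default option at the bottom of the list" idea from this thread, combined in an added example that was not posted by anyone in the thread: it reads dnsmasq leases and assigns each device an interface, with unlisted (new) devices falling to a default. The choices file, the function names and the interface names wan and vpn are assumptions; test is the blackhole interface from the config above.

```shell
#!/bin/sh
# Added example, not from the thread. Lease line format written by dnsmasq:
#   <expiry> <mac> <ip> <hostname or *> <client-id>

# device_policies LEASES CHOICES DEFAULT
#   CHOICES: "<mac> <interface>" per line (hypothetical file for this example).
#   Prints "<ip> <mac> <hostname> <interface>" for every leased device.
device_policies() {
    awk -v choices="$2" -v def="$3" '
        BEGIN {
            # wan and vpn are assumed interface names; test is the blackhole one.
            ok["wan"] = ok["vpn"] = ok["test"] = 1
            if (!(def in ok)) { print "bad default: " def > "/dev/stderr"; exit 2 }
            while ((getline line < choices) > 0) {
                n = split(line, f, " ")
                if (n < 2 || f[1] ~ /^#/) continue
                if (f[2] in ok) want[tolower(f[1])] = f[2]
                else print "ignored " f[1] ": unknown interface " f[2] > "/dev/stderr"
            }
        }
        NF >= 4 {                       # skip blank or truncated lease lines
            mac = tolower($2)
            name = ($4 == "*") ? "unknown" : $4
            print $3, mac, name, ((mac in want) ? want[mac] : def)
        }
    ' "$1"
}

# Constructed sample data: three leases, two explicit choices.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/leases" <<'EOF'
1700000000 AA:BB:CC:00:00:01 192.168.1.101 Phone1 01:aa:bb:cc:00:00:01
1700000500 aa:bb:cc:00:00:02 192.168.1.102 PS4 *
1700000900 aa:bb:cc:00:00:03 192.168.1.103 * *
EOF
    cat > "$dir/choices" <<'EOF'
# mac              interface
aa:bb:cc:00:00:01  vpn
aa:bb:cc:00:00:02  test
EOF
    device_policies "$dir/leases" "$dir/choices" "${1:-wan}"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo wan
```

Passing test as the default makes any device without an explicit entry land on the blackhole interface until it is given a choice.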
