Multi open vpn. Separate wifi for every VPN

Hi all.
First i want direct point out i'm green with OpenWRT, so i directly say sorry to everyone that came here to get a easy solution...

I'm trying to create my VPN router based on GL-mt300n v2 on OpenWrt 19.07.0-rc2 r10775-db8345d8e4. I got Cyberghost vpn. I want to have 2-3 diferent wifi networks, where 1st is standard internet and 2nd and 3rd is for 2 OpenVPN clients from 2 diferent countries.

GL-mt300n v2 has 2 Lan ports, so
WAN port - that will be just WAN... DHCP client to main internet provider network
LAN port - because this is only port that can be used it will needed to be worked with taged VLANs
vlan2 - is current WAN vlan
vlan1 - standard Lan router
vlan10 - VPN first country

This way i can connect from my PC to 3 networks on 1 cable, just by seting proper VLAN on nic

WiFi
1st - Standard Wifi
2nd - VPN

I managed to set up vpn and normal network but getting strange thing.
When VPN is enabled than on VPNWifi i get vpn but nothing on StandardWifi.
When VPN is disabled (stoped) of course nothing on VPNWifi and internet on StandardWifi

So it is something with my vpn setup as i do not change nothing more
in logs found this

PUSH: Received control message: 'PUSH_REPLY,sndbuf 393216,rcvbuf 393216,comp-lzo no,redirect-gateway def1,dhcp-option DNS 185.93.180.131,dhcp-option DNS 194.187.251.67,dhcp-option DNS 38.132.106.139,route 10.252.200.1,topology net30,ifconfig 10.252.202.238 10.252.202.237,peer-id 19,cipher AES-256-GCM'

So i added
pull-filter ignore redirect-gateway
to my ovpn config file.

Now i get internet on standardwifi but not on VPNWifi
Can anyone help me to configure it

You either have to create routing tables, rules and static routes per table, OR utilize some package like mwan3 or vpn bypass.

1 Like

Instead of reconnecting to a different WiFi, when I need to use a VPN connection, I use vpn-policy-routing package (well, its Web UI) to create/enable policy for my device to use VPN. I find it easier than hopping WiFi network.

1 Like

Thx but i need to do on Wifi as it is way easyer for me to connect my devices to proper networks

To run the VPN in parallel to a regular router, you need a new network for the VPN users. It is almost identical to setting up a guest network, except that it forwards out to the VPN tunnel rather than the WAN.

The new network has a separate IP range and a DHCP server. It should be a bridge so you can connect to wifi and / or wired interfaces as necessary. This network has its own firewall zone, create a new zone called for example "vpnuser"

Also you need to create a firewall zone for the "tun0" that the OpenVPN client creates. This zone has masquerade and MTU Fix enabled, because the VPN users need to NAT to the one IP address the VPN service has for you. Then have a forward rule from the vpnuser zone to the vpntun.

To have two separate networks of VPN clients that go to different VPN servers, repeat the whole process again.

This can be done on hardware like the MT300 but you may consider a router with more ports and more CPU power in the future.

2 Likes