Route a section of LAN through VPN

Hello.
I'm trying to create a config that routes part of my LAN through the VPN and the other through normal WAN, but I can't.
Devices are:

  • ISP cablemodem with WLAN and LAN. Subnet 192.168.0.1/24
  • Mikrotik router (OpenWRT 19.07.1) with WLAN and LAN. Subnet 192.168.1.1/24. Static IP 192.168.1.1 for its network and 192.168.0.2 for the WAN (cablemodem)

I use the LAN on the Mikrotik for file sharing between devices and internal communication. Ideally I'd like to have part of the actual subnet routed through the VPN and the other through WAN, but I'm open to splitting the subnets into 192.168.2.1/24 and 192.168.1.1/24, provided connection between them is possible for file sharing, as I said.

VPN is NordVPN and config works nicely after following this tutorial made by a forum user.

Any help appreciated.

No need to split subnets.

Use a "subset" or contiguous block from your existing subnet and DHCP reservations for VPN hosts.

You can then use a combination of DHCP tags and policy routing to achieve the goal.

I.e. addresses 192.168.1.129-254 are for VPN... then when you create the policy route, use a VLSM of 192.168.1.128/25 to match any host with an address in the second half of the subnet.

Find a subnet calculator... you will probably need a /27 or /28 so the calculator will tell you where to start and end your host range.

1 Like
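An added example, not part of either post: a small subnet calculator for the approach in the reply above, showing which single CIDR a policy route needs in order to match a DHCP reservation range, and which other LAN addresses that rule would also send through the VPN. The function names are hypothetical; the misaligned range 192.168.1.100-150 is constructed for contrast.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # Mikrotik LAN from the question

def aligned_blocks(lan, prefixlen):
    """All CIDR-aligned blocks of the given size inside the LAN (e.g. /27, /28)."""
    return list(lan.subnets(new_prefix=prefixlen))

def covering_rule(first, last):
    """Smallest single CIDR containing first..last: the source match for the policy route."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    net = ipaddress.ip_network(f"{lo}/32")
    while hi not in net:          # widen one bit at a time until the range fits
        net = net.supernet()
    return net

def overmatched(rule, first, last, lan=LAN):
    """Usable LAN addresses the rule matches although they are outside the reserved range."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    skip = (lan.network_address, lan.broadcast_address)
    return [a for a in rule if not lo <= a <= hi and a not in skip]

def via_vpn(host, rule):
    """True if a host address would be selected by the policy route's source match."""
    return ipaddress.ip_address(host) in rule

if __name__ == "__main__":
    # Range from the reply: fits a /25 with a single stray address (.128).
    rule = covering_rule("192.168.1.129", "192.168.1.254")
    print(rule, [str(a) for a in overmatched(rule, "192.168.1.129", "192.168.1.254")])

    # Constructed misaligned range: the only single CIDR that covers it is the whole LAN.
    bad = covering_rule("192.168.1.100", "192.168.1.150")
    print(bad, len(overmatched(bad, "192.168.1.100", "192.168.1.150")), "extra hosts")

    # Smaller blocks, as the reply suggests: pick one and reserve addresses inside it.
    for size in (27, 28):
        block = aligned_blocks(LAN, size)[-1]
        print(f"/{size}: {block} -> {block[0]} .. {block[-1]}")
```

Any address listed by `overmatched` should either be left unassigned or be acceptable to route through the VPN; a host with a static address inside the block is matched by the rule just like a reserved one.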

Thank you! I'll try that.