[Solved] Sending traffic to separate VPN servers from various 'device groups'

[Hardware: Protectli VP2420 – Intel Celeron J6412 / WiFi module: M.2 2230 E-Key PCIe (chipset: Qualcomm Atheros QCA6174A-5) / Firmware: OpenWrt 23.05.3 r23809-234f1a2efa / LuCI openwrt-23.05 branch git-24.073.29889-cd7e519 / kernel version: 5.15.150]

I have configured my x86/64 platform with the above specs as a VPN router, with IPv6 connectivity and all. Trying to build from here, I’d like to consult you on the following.

My brother employs a Vilfo VPN router in his network, which basically is an OpenWrt device (Firmware 21.02.3 r16554-1d4dea6d4f / Kernel 5.4.188) with a beautiful user interface. The latter allows him to create 'groups' to which devices in his network can be assigned at will. The traffic from each of these 'groups' can be sent to a different VPN server, and what he sees in the VPN configuration files for these 'groups' is that for each of them a different tunnel is created (tun0, tun4, tun5 etc.).

What I am curious about is what might be the underlying principle of these 'groups'. Are these based on VLANs or policy-based routing, or something else? In other words, how would I go about it if I wanted to recreate such 'groups' on my own router? Any insights you may have that can put me in the right direction will be much appreciated!

You can set up multiple tunnels (I would use WireGuard: much faster and easier to set up) and use PBR to assign your clients to one tunnel or the other, see:

You can also make multiple SSIDs and assign those to different tunnels so that you can switch your WiFi clients to use different tunnels or the WAN. PBR is very versatile.

Ask the vendor of the software of your brother how they do that if you want to know :slight_smile:
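An added example, not part of the thread and not Vilfo's own configuration: a sketch of how 'device groups' could map onto two OpenVPN tunnels with the OpenWrt `pbr` package. The interface names (`vpn_a`, `vpn_b`), the tunnel devices (`tun0`, `tun1`), the policy names and all LAN addresses are constructed assumptions.

```uci
# --- /etc/config/network ---
# One logical interface per OpenVPN tunnel device, so pbr can route to it.
# Assumed: each OpenVPN client pins its device ("dev tun0" / "dev tun1")
# and ignores the pushed default route
# (pull-filter ignore "redirect-gateway"), so neither tunnel takes over
# the main routing table.
config interface 'vpn_a'
	option proto 'none'
	option device 'tun0'

config interface 'vpn_b'
	option proto 'none'
	option device 'tun1'

# Assumed: both interfaces are also placed in a firewall zone with
# masquerading enabled and forwarding allowed from the lan zone.

# --- /etc/config/pbr ---
config pbr 'config'
	option enabled '1'
	# Keep enforcing a policy while its tunnel is down, so a group's
	# traffic does not silently fall back to the WAN.
	option strict_enforcement '1'

# Each policy below is one "device group": a set of source addresses
# (constructed values) bound to one outgoing interface.
config policy
	option name 'group_a'
	option src_addr '192.168.1.10 192.168.1.11'
	option interface 'vpn_a'

config policy
	option name 'group_b'
	option src_addr '192.168.1.20 192.168.1.21'
	option interface 'vpn_b'

# Devices that should bypass both tunnels.
config policy
	option name 'direct'
	option src_addr '192.168.1.30'
	option interface 'wan'
```

Source-address policies only hold if group members keep their addresses, so static DHCP leases for those devices are assumed here.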

@egc: thank you again for your help and for the link to stangri's article. The latter is quite a read which will keep me busy for a while, but it's very helpful to know that I may be able to reach a similar solution by creating several tunnels in combination with PBR. I'll try to see how far I get, and in case I get stuck (which is quite likely :sweat_smile:), I'll report back.

In my case, WireGuard is not an option since my VPN supplier deliberately doesn't support it. And as regards the vendor of Vilfo VPN routers, I can try to ask them how they created this 'groups' option, but I doubt whether they'll answer. Theirs is not only a proprietary solution, but I've also read that this Swedish company has been sold to an American investor. The last software update my brother has seen dates from September 2022. Prior to this, updates saw the light of day every couple of months, so it seems this thing has more or less been abandoned. We tried to SSH into it to see which packages etc. are installed, but his user password wasn't accepted, so this isn't an option either. I'll first do some reading :wink:

