Flint 2 Policy Based Routing with 2x VPN

I would like to set up 2x VPN and use policy based routing on the Flint 2. I do know that the current GL iNet GUI doesn’t allow for this; only 1x VPN with PBR. I know the setup required to do 2x VPN and the nuances about how they get their TUNs assigned, and using the luci PBR app(s). However, when I installed the PBR it does not pick up any TUN devices, even with one VPN connected to it and named TUN*. I wonder if this is some kind of effect of the GL iNet configuration of sorts.

Has anyone done this kind of set up before and can advise any configuration or guides that can help me?

It would be great if the standard GUI could allow 2x VPN connections and a better PBR setup. I wouldn’t mind if it’s 1x VPN and 1x WireGuard, or just 2x VPN.

In addition to this, I was going to set up multiple VLANs and route the traffic to their corresponding VPN out connections. In the current GUI I notice it only has 2 types of VLANs; one for the guest, and then one for everything else. I wonder if there’s any other way the standard GUI can be extended to acknowledge any other VLANs I set up in luci. If not, then I guess that’s OK, just as long as I can get PBR working in luci I should be able to manage those routes accordingly.

Basically I want to do:

  • LAN
  • VLAN for docker, where I will turn the last LAN port into split VLAN
  • Wireless IOT access point (VLAN)
  • Wireless standard access point (VLAN)
  • Wireless guest access point (VLAN)
  • VPN1 and VPN2
  • docker and IOT goes out VPN1
  • MAC address for a couple of devices out VPN2
  • Policy Based Routing to direct traffic as required

I’m able to do everything except PBR, as it just won’t pick up my TUNs. I’ve tested by setting up VPN in the GL iNet GUI on vanilla OS and installing PBR in luci; no success. I’ve set up VPN in luci all manually and installed PBR in luci; no success.

Any ideas would be great. Thanks.


Try removing Tor packages. After this, luci-app-pbr will show all available gateways.

From my experience, in the GL UI you have to set the policy to manual routing to avoid as much as possible of the default routing created by script interference.

Then the PBR in luci should work. I advise to also go through each interface and uncheck the default gateway checkbox for unused interfaces / (non LAN/WAN) interfaces :wink:, because for PBR you only want gateways through the real gateways and not an inactive one.

Though multiple VPNs are difficult, especially multiple VPN clients. You use TUN, so I have no experience with OpenVPN, but for their WireGuard instances I had multiple issues because it's different from the luci-proto-wireguard one; packages like banip had trouble getting the uplink IP from it, but PBR worked with these settings.
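As an added illustration (not from either poster, and not GL.iNet's own configuration), this is the shape the original plan takes in luci-app-pbr's UCI files once the two tunnels exist as logical interfaces. The key point for the "PBR doesn't see my TUNs" symptom is that pbr only offers gateways for interfaces declared in `/etc/config/network`, so each OpenVPN tun device needs a `proto 'none'` interface wrapping it. The interface names `ovpn1`/`ovpn2`, the device names `tun0`/`tun1`, the VLAN subnets and the MAC addresses are all assumed placeholders; substitute the values from your own setup.

```text
# /etc/config/network (fragment, assumed names)
# One logical interface per OpenVPN tunnel so pbr can treat it as a gateway.
# Leave "Use default gateway" unset on these, as the reply above advises.
config interface 'ovpn1'
	option proto 'none'
	option device 'tun0'

config interface 'ovpn2'
	option proto 'none'
	option device 'tun1'

# /etc/config/pbr (fragment, assumed subnets and MACs)
config pbr 'config'
	option enabled '1'
	# Keep unused/server-side interfaces out of the gateway list.
	list ignored_interface 'vpnserver'
	list ignored_interface 'wgserver'

# Docker VLAN and IoT VLAN leave via VPN1.
config policy
	option name 'Docker VLAN via VPN1'
	option src_addr '192.168.20.0/24'
	option interface 'ovpn1'

config policy
	option name 'IoT VLAN via VPN1'
	option src_addr '192.168.30.0/24'
	option interface 'ovpn1'

# A couple of specific devices, matched by MAC, leave via VPN2.
config policy
	option name 'Selected devices via VPN2'
	option src_addr '00:11:22:33:44:55 66:77:88:99:aa:bb'
	option interface 'ovpn2'
```

After editing, `service network reload` and `service pbr restart` on the router, then check `service pbr status`: the two tunnel interfaces should be listed with their own routing tables, and the policies should show as applied. If a policy's interface is missing from the status output, the corresponding `/etc/config/network` stanza is the first thing to verify.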