How to configure VPN rules for different PCs p.e. by MAC adress or IP?

Technical Support for Routers
1

Follow user case:

Follow working fine:

  • Some PCs are unseeing VPN by gl router like AR-750s and FW 3.2 or so on.
  • The PCs are connected to gl router by Ethernet.

How to configure the follow on gl router ?

  • One of the PCs which are connected also by Ethernet to the gl router, should use the VPN only use for one special adress, p.e. www.example.com For the rest of traffic of this PC should be not used the VPN. The IP, MAC and PC name are known of this PC.

  • Or one of the PCs which are connected also by Ethernet to the gl router, should dont use the VPN only for one special adress, p.e. www.example.com For the rest of traffic of this PC should be used the VPN. The IP, MAC and PC name are known of this PC.

Its possible to configure this by GUI ? And how to do ?

And how about the DNS on this case ? Are the DNS used by VPN for every traffic or one part of DNS by VPN and one part of DNS without to use the VPN ?

THX

2

You can set up vpn policy and do not use vpn for the www.example.com, but you cannot only set up for one client only.

iptables can do all what you want.

The DNS should be resolved on the router.

3

A additional rule for doing this by GL GUI, depend on PC by MAC address will be great.

4

I addet it now to the user driven bug and feature request list:

5

But I don’t think we will add combined vpn polices. When we fist design the vpn policy we do have combined policies. Eventually it is quite complicated and very hard to understand.

For example in vpn policy rules,

IF
you set youtube.com to use vpn, and
you set 192.168.8.100 (identified by mac address) not use vpn

Question:
when 192.168.8.100 connect to youtube.com, should it use vpn or not?

We decided not to go into this situation and will not use combined rules.