HI - I'm using a new MT3000 at a remote location (192.168.0.0/24 Lan) with OpenVPN configured as client back to house network (192.168.2.0/24) which is running OpenVPN Server on HyperV.
I have it working so that both lans are accessible from either side which is perfect. The remote location is set to use it's own internet gateway which is what i want except for 3 firesticks which i'd like to route through the VPN (192.168.0.95-110 would be what we'd want to route out the house gateway vs local gateway). On my old Unifi ER-X router i had this working by routing a subset of IPs and can't seem to replicate this on the MT3000 side. I had someone build a script to get this going on the ER-X which i thought i would share here to help get a translation for how to accomplish on the MT3000
#BLOCK TO CREATE FIREWALL IP GROUP THAT ROUTES OVER VPN
configure
set firewall group address-group CottageVPNRouted
set firewall group address-group CottageVPNRouted address 192.168.0.95-192.168.0.110
commit
save
ER-X VPN CLIENT and ROUTING OF SELECT IPS
#BLOCK TO CREATE VPN CLIENT BACK TO HOUSE
configure
set interfaces openvpn vtun3 config-file /config/auth/router/openvpnclientconfig.ovpn
set interfaces openvpn vtun3 description 'connection to house'
commit
set service nat rule 5020 description 'masquerade for Tunnel'
set service nat rule 5020 outbound-interface vtun3
set service nat rule 5020 log disable
set service nat rule 5020 type masquerade
set service nat rule 5020 protocol all
commit
save
#BLOCK TO CREATE ROUTING OF VPN CLIENT
configure
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun3
set firewall source-validation disable
set firewall modify VPNROUTED rule 10 description 'traffic from 192.168.0.0/24 to vtun3 house'
set firewall modify VPNROUTED rule 10 source group address-group CottageVPNRouted
set firewall modify VPNROUTED rule 10 modify table 1
set interfaces switch switch0 firewall in modify VPNROUTED
commit
save
