hi guys and girls,
here is something i am struggling with, which i am not sure is possible but am quite sure would be a desired user scenario in many homes where VPN is used for streaming :
*** The current user scenario :
a common home has a router/switch which also serves as the gateway for the ISP;
the home has multiple LAN clients which connect to the internet via “standard” connection (PCs, phones, tablets etc)
the home has several “media clients” which need to stream content over a VPN connection. these might be streamers like AppleTV or AndroidTV, or smart TVs. they usually required the installation and configuration of VPN clients on each device, with some devices like AppleTV making it very difficult;
*** The desired situation :
a. connect 1 AR750 (or similar) device to the LAN and configure VPN connection on it with kill-switch on
b. connect all possible streamers and TVs to the AR750, preferably wired
*** The puzzle :
how do I route the traffic from a streamer that can’t be physically or wirelessly connect directly to the AR750?
is there a way to route all its traffic via the AR750?
important note : for this discussion please assume that the AR750 (or similar) can’t replace the main home router either due to performance, or ISP requirements, or home-office and security concerns. so the idea is to have the AR750 as just the home’s VPN media gateway
I am attaching a simple drawing to visualize the situation
yeah, the “tricky” situation is with the streamer that is not behind the AR750 (10.20.30.11).
it is in my guest house connected to a local (unmanaged) switch which also connects a PC, iPhone etc. this location is out of the wireless coverage of the AR750.
the bottom line is how to configure routing or whatever to push all its traffic via the AR750, while remembering that this traffic would come from what the AR750 considers as “WAN”
btw - the device is a Xiaomi Mi-Box but can be an AppleTV or whatever
I’d have to research what’s available in these boxes (I only have an MT300N-V2, so not sure if it would be quite the same), but I’m assuming that the standard Linux stuff for routing is still there. It would just be a case of how to set it up.
But with ip and iptables, it would be quite easy to route anything with a particular source IP out of the normal WAN instead of forcing everything through the VPN. Although it might be a little trickier with the kill-switch settings in place. So then you could connect the switch to the AR750 and split route there.
If you can get to a command line, then the following would help, once the VPN is connected:
ip rule
ip route show table <all the tables except local>
iptables -t <filter|nat|mangle> -S
BTW, which VPN are you using as they all force the routing setup in different ways.
reading your reply i think there might be a slight confusion -
the AR750 is only used for VPN streaming traffic and nothing else (will never connect my other devices to it, like phone work pc etc). this is a common home-office situation where people will separate their work/personal and media/streaming sub-networks while still eventually using a single ISP connection.
to reiterate -
as far as the AR750 is concerned, my home LAN (10.20.30.xx) is its WAN.
so what I basically need to do is route the traffic that comes from 10.20.30.11 in my diagram into the AR750, and then route it out via the VPN tunnel it established with its OpenVPN client.
I understand what you’re trying to do and was offering an alternative solution.
Your idea of routing the 10.20.30.11 traffic out of the router to the AR750 will only work if that router has 2 WAN ports. One to the internet and one back to the LAN side of the AR750. I can’t think of any way you could set up an addressable connection from the LAN side of router to the LAN side of the AR750 as the router only knows about the 10.0.0.0/8 subnet and the internet gateway and so wouldn’t know how to route to the 192.168.0.0/24 gateway as the router LAN ports aren’t individually addressable to say “push this traffic through port 4”.
