VPN and LAN simultaneously

tetsuo · 2018-01-20T23:24:42.000Z

Hi guys,

i recently bought an AR-750 equipped with Firmware 2.263 and need some help and setting it up for my specific use case. I already found some topics discussing similar use cases but they were mostly missing setup information. Any help is appreciated.

So, what do i want to do!? I want to secure on of my PCs in my Home Network with an OpenVPN connection but it has to still be available to the other PCs on my local network.

My current setup looks like this:

Internet - My Main Router (192.168.178.x) - Gigabit Switch 1 - Some Clients (including the PC in question)

Internet - My Main Router (192.168.178.x) - Gigabit Switch 2 - Some other Clients

My first idea about wiring this is:

Internet - My Main Router - Gigabit Switch 1 - Some Clients

Internet - My Main Router - Gigabit Switch 1 - AR750 - PC to be secured through OpenVPN

But how to set this up so only the internet traffic from this PC goes through the VPN but is still reachable for all the other Clients on the LAN?

Thanks in advance and best regards

alzhao · 2018-01-22T13:16:54.000Z

Don’t tick the “force VPN” you should be able to do that.

tetsuo · 2018-01-22T21:16:58.000Z

Hi alzhao,

thanks for your answer. But how to set this up the right way?

Should i just set the AR750 up as a bridge using the same subnet as the main router and acquire the IPs via the main router?

Or is there any best practice to do this?

Second question: If i untick “force VPN” i will also loose the “security” that this provides if the VPN connection goes down. Right?

Are there any plans to divide these 2 options in separate ones (if possible)? I think this has been asked a few times already. I.e. in THIS thread too.

groentjuh · 2018-01-23T23:47:49.000Z

With your current network configuration all clients will send packets to networks they do not know to your main router. I do not know what your main router is, but either that has to route packets based on a policy to route them to your AR750 or these clients need their default gateway adjusted.

Either method will cause them to use your AR750 as gateway.

After that it might not actually require any special configuration to make the AR750 put the traffic into the VPN for you. Possibly the “force VPN” option can stay on. The first problem you have at the moment is splitting these 2 packet flows from clients that should and shouldn’t use the VPN.

tetsuo · 2018-01-24T20:50:42.000Z

Hi Groentjuh,

thanks for your answer. My main router is a Fritz Box 3390

I don´t want multiple cients to be connected via VPN but only one. That´s why i asked how to best to wire and set this up.

I.e.: PC in question - AR750 - Gigabit Switch - Main Router (Fritz Box) - Internet. This seems to be the way to go. But how to configure it?

In the end the internet traffic from this PC should be routed through OpenVPN via the AR750 but the PC should still be able to be reachable from within my LAN as it serves files to multiple other clients on the network.

Hope that clarifys it.

There are already some posts on the forum that talk about this and have different paths, i.e. IP-tables configurations, dumb-ap config, using different interfaces, but no details and i have a hard time figuring it out right now.

I´m just trying different settings but can´t seem to get it to work. For example right now i configured the AR750 with a static IP in the same subnet as the main router. It is conenected to the gigabit switch via a LAN port on the AR750. i disabled DHCP on the AR750 and my client now successfully acquires the ip from the main router via the AR750 Wifi and i have internet access.

However OpenVPN will not connect. If i connect the AR750 to the rest of my network via the WAN instead of the LAN port i can see it receiving another IP on the WAN port but all connected clients (to the AR750) then loose internet access.

I´m surely doing something wrong here.