VPN Connection by Interface

Is it possible to route traffic through the VPN only for specific interfaces?

For example, if my router has Ethernet and Repeater connections, I only want to use VPN on the Repeater and not the Ethernet. Ideally for specific clients as well.

Was looking at Customize Routing Rules setting but there's no documentation available and not sure if this is the correct option I'm looking for.

Hi,

Please try adding a custom Zone Forwarding rule for vpn-client => wwan in LuCI -> Network -> Firewall.

1 Like

Could this be added as an option to the GL-iNet router page?

Prefer not to make too many modifications on the OpenWrt page since it tends to break the GL-iNet page.

I will collect the requirement you mentioned. If there is more user feedback on this or similar requirements, it will be possible to pursue it further.

The configuration in LuCI can serve as an auxiliary configuration for the GL GUI.
Just try it.

1 Like

Thanks, I think there are benefits for specifying by interface as you may not want to use VPN on your home network since it's already secure, but may want to on a backup network, such as cellular or public wifi.

For the configuration:

I see on the Firewall Zone configuration that wgclient and ovpnclient are already forwarding to wan.

Should a new zone be created specifically for the vpn clients that forwards to wwan and tethering?

Yes, it can be achieved in LuCI, as you mentioned.
In the LuCI firewall, under Forwarding, only permit wgclient -> wwan and tethering.

1 Like
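
The forwarding restriction suggested above, written as a check (an added example, not part of the original posts and not GL.iNet's code): it parses a copy of the router's `/etc/config/firewall` and lists every non-VPN zone that may forward directly into the zone holding `wwan` or `tethering`. The two sample configs, their zone layout and the `backup` zone name are constructed assumptions, and the check assumes the firewall's default forward policy rejects anything no forwarding section allows.

```python
import shlex

VPN_ZONES = {"wgclient", "ovpnclient"}   # VPN client zones named in the thread
BACKUP_UPLINKS = {"wwan", "tethering"}   # repeater and tethering interfaces

def parse_uci(text):
    """Parse UCI text into [(section_type, {option: [values]})]."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append((tok[1], {}))
        elif tok[:1] in (["option"], ["list"]) and sections and len(tok) >= 3:
            sections[-1][1].setdefault(tok[1], []).extend(tok[2].split())
    return sections

def cleartext_paths(text):
    """Return sorted (src_zone, uplink) pairs where a non-VPN zone is allowed
    to forward straight into the zone that holds a backup uplink."""
    sections = parse_uci(text)
    zone_nets = {o["name"][0]: set(o.get("network", []))
                 for t, o in sections if t == "zone" and "name" in o}
    found = set()
    for t, o in sections:
        if t != "forwarding" or "src" not in o or "dest" not in o:
            continue
        if o.get("enabled") == ["0"] or o["src"][0] in VPN_ZONES:
            continue  # disabled rule, or traffic that comes from a VPN zone
        for net in zone_nets.get(o["dest"][0], set()) & BACKUP_UPLINKS:
            found.add((o["src"][0], net))
    return sorted(found)

def zone(name, *nets):  # renders one constructed zone section
    return f"config zone\n\toption name '{name}'\n" + "".join(
        f"\tlist network '{n}'\n" for n in nets)
def fwd(src, dest):     # renders one constructed forwarding section
    return f"config forwarding\n\toption src '{src}'\n\toption dest '{dest}'\n"

# Constructed sample 1 (assumed layout): every uplink shares the 'wan' zone.
SHARED = (zone("lan", "lan") + zone("wan", "wan", "wwan", "tethering")
          + zone("wgclient", "wgclient")
          + fwd("lan", "wan") + fwd("lan", "wgclient") + fwd("wgclient", "wan"))
# Constructed sample 2: backup uplinks moved to a hypothetical 'backup' zone.
SPLIT = (zone("lan", "lan") + zone("wan", "wan")
         + zone("backup", "wwan", "tethering") + zone("wgclient", "wgclient")
         + fwd("lan", "wan") + fwd("lan", "wgclient") + fwd("wgclient", "backup"))

if __name__ == "__main__":
    print("shared wan zone:", cleartext_paths(SHARED))
    print("split zones:    ", cleartext_paths(SPLIT))
```

With the shared `wan` zone the existing lan -> wan forwarding also covers the repeater and tethering uplinks, so the check reports both; once those uplinks sit in their own zone reachable only from the VPN client zone, the list is empty.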

Can you explain what kind of application scenario is this? Seems very complicated.

It's pretty straightforward. This application would let you use your home internet as is without any VPN.

If you're traveling for example, it would use the VPN profile when you're connected to a repeater or tethering, since this is configured by interface.

This way, you won't need to keep the VPN constantly on when you're home, and won't need to manually enable it each time when you want to travel. Essentially a set it and forget it configuration.

Also at least in my case, I have a few public wifi around my area that I can use as a backup wifi. But I want to keep my traffic hidden as connecting to public wifi isn't safe. So with this configuration, I won't have to worry about leaking any connections I don't intend to when connected to these wifis if the internet connection does get switched to them as fallback.

1 Like

I see. It makes sense, but now you have to check the VPN connection each time you change networks. This is a good habit.

Yup that's correct, but still much easier as you can just open an IP address website directly on your device. Instead of going to the router, turning it on, then checking it. This just gets rid of the extra step.

Only concern is that the VPN connection might be stuck in reconnecting, but I don't think it would be a huge issue.

I will record your requirement. But it needs a total redesign of the current VPN function, so I cannot promise anything. We cannot put it in VPN policies.

1 Like