
Selective Routing of IP via router to VPN


    Hi all,

    I have an Amazon Fire TV/iPad that I would like to occasionally connect to a hosted VPN. One option is to enter the details of the VPN on each device (... may not be for the FireTV). But I would like to configure this via the router, and not for all IP addresses on my network.

    After some checking it appears that the ASUS RT (AC68/87/62) WiFi routers can achieve this, but only by installing the Merlin firmware. Unfortunately there is no Merlin support for the VDSL2 version of these routers (i.e. DSL AC68U) .... and I would rather have a single box modem/router solution for my BT Infinity.

    So the question is:
    Could I achieve this type of selective routing by using e.g. a virtual machine/PC on my network?
    I am assuming that web traffic (from FireTV/iPad) will be forwarded to a machine which will then decide on forwarding to my router as normal or VPN traffic?


    PS. I have not considered whether another modem/router does the same with stock firmware?

    cheers

    #2
    any clues?

    Comment


      #3
      You can do it with a VM doing the routing for the devices you want to go through the VPN, but I'm not sure it's better than just having 2 physical routers

      Comment


        #4
        DD-wrt?
        "If you didn't do anything that wasn't good for you it would be a very dull life. What are you gonna do? Everything that is pleasant in life is dangerous."

        I want to see the hand of history on his collar.

        Comment


          #5
          Cisco ASA 5505 will do it - VPN-to-VPN connection.

          £100 or so on eBay....

          Comment


            #6
            You're looking for "policy based routing"; it's possible with some of the advanced firmwares. I use pfSense, which can be run in a VM, though I've never had a need to use policy based routing in the way you intend.

            Remember the default gateway for the Fire should now be the router that makes the routing decisions (the VM) and not the actual default out to the WAN.

            If the Fire understands HTTP proxies then that might be a simpler alternative - a proxy like Squid can make decisions based on hostname and you can forward onwards using, for example, SSH tunnels. This is what I used to use for BBC iPlayer from abroad. Additionally, Squid can do ad blocking - all of which is transparent to the client devices. If you're trying to control non-HTTP traffic, forget this.

            Comment
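The policy-based routing described in the post above, sketched for a Linux gateway VM using iproute2 and iptables (an added example, not part of the original post; the poster's own suggestion is pfSense). The client addresses, the `tun0` interface name and table number `100` are assumptions, and the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: source-based policy routing on a Linux gateway VM.
# Interface name, table number and client addresses are assumptions.
VPN_IF="${VPN_IF:-tun0}"   # VPN tunnel interface (assumed name)
TABLE="${TABLE:-100}"      # dedicated routing table for VPN-bound clients
APPLY="${APPLY:-0}"        # 0 = print the commands, 1 = run them (needs root)

run() {
    if [ "$APPLY" = "1" ]; then "$@"; else echo "$*"; fi
}

# Accept only dotted-quad IPv4 addresses so nothing unexpected reaches ip(8).
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# pbr_setup IP...: send the listed LAN clients via the VPN, everyone else as normal.
pbr_setup() {
    # Validate every address before emitting or running anything.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    run sysctl -w net.ipv4.ip_forward=1
    run ip route replace default dev "$VPN_IF" table "$TABLE"
    # Fail closed: if the tunnel drops, its route disappears and this one takes
    # over, so selected clients are rejected instead of leaking out of the WAN.
    run ip route replace prohibit default metric 1000 table "$TABLE"
    for ip in "$@"; do
        run ip rule add from "$ip" lookup "$TABLE"
    done
    # The VPN provider only knows the tunnel address, so NAT the clients behind it.
    run iptables -t nat -A POSTROUTING -o "$VPN_IF" -j MASQUERADE
}

# Usage: ./pbr.sh 192.168.1.50 192.168.1.51   (constructed sample addresses)
if [ "$#" -gt 0 ]; then pbr_setup "$@"; fi
```

The selected clients still need their default gateway pointed at this VM, as the post says; clients left on the normal gateway never reach these rules.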


              #7
              My Vigor router will connect to a VPN and do VDSL. I'm not sure you can do it selectively for different client machines, but if you can route only certain destination IPs through the VPN it probably doesn't matter.

              But yes I don't see why you can't do this with a VM if you really want to, but as said you'll have to configure the Fire to route via the VM rather than the default gateway (i.e. the router).
              Will work inside IR35. Or for food.

              Comment


                #8
                Cheers guys for the replies.

                DD-WRT does not have these policy rules built into the firmware.... Though it may be possible with a lot of tinkering via the command line ...

                The Cisco or 2 router approach is what I am trying to avoid since I have got too much clutter of plugged-in appliances

                I was thinking about the Vigor (2860 series). I had a look at the live demo on their website and it does look quite complicated. It does look like it does the policy based routing but it's difficult to tell. However it lacks an OpenVPN server. They have a closed forum open only to owners with a valid device, which I can't join to ask the questions …..

                I have never used pfSense before, so it looks like it's worth looking at + VM as a gateway

                Comment
