VPN traffic for specific IP (not range or subnet)

3 weeks ago - last edited 3 weeks ago
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version:

I've been struggling with this for a couple days now and hope someone has an idea on how to resolve it. There's plenty of documentation online regarding setting up OpenVPN on Omada routers, but I haven't seen much about restricting VPN to specific devices on specific subnets.

I need only one device from one VLAN to utilize the VPN client: It's on VLAN 5, subnet 192.168.5.0, device IP 192.168.5.22. This VLAN/subnet is for wireless clients and the AP is an EAP610.

The issue: All devices on 192.168.5.0 subnet are using the VPN connection despite the changes I've outlined below. I'm on the latest firmware.

So far I've tried the obvious of setting "Local Address" to 192.168.5.22 in OpenVPN client settings. When that didn't work, I attempted policy-based routing:

1) Created service types for OpenVPN ports and protocols TCP 443 and UDP 1194:

2) Created an IP group containing 192.168.5.22 only.

3) Created policy-based routing policy:

Any help is appreciated!

 

#1
Re:VPN traffic for specific IP (not range or subnet)
3 weeks ago

  @semgee 

I don't quite understand what you mean, but show a screenshot of the VPN configuration, then maybe.

You can't use policy routing on OpenVPN, so you can forget about it; same with other routing.

 

 

#2
Re:VPN traffic for specific IP (not range or subnet)
3 weeks ago

  @MR.S That is what I was wondering: If traffic from only one IP could be routed/sent through OpenVPN (what I want), or if it would have to be the entire subnet.

 

VPN works fine, but all devices on the 5.0 subnet end up using VPN, which is what I don't want. Tried setting OpenVPN as shown below, then setting up policy routing. Also tried putting the IP of the only device I want on VPN in "Local Network" field below. Either way, all devices on 5.0 subnet end up using VPN. 

#3
Re:VPN traffic for specific IP (not range or subnet)-Solution
3 weeks ago - last edited 3 weeks ago

  @semgee

ok try local network like this 192.168.5.22/32

 

Recommended Solution
#4
Re:VPN traffic for specific IP (not range or subnet)
3 weeks ago

Hi @semgee 

Thanks for posting in our business forum.

OVPN PBR has been scheduled to V5.15.X adapted firmware and controller. OpenVPN Update

#5
Re:VPN traffic for specific IP (not range or subnet)
3 weeks ago

  @MR.S 

MR.S wrote

  @semgee

ok try local network like this 192.168.5.22/32

That did it. Much appreciated!

#6
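One way to confirm from the LAN side that the `192.168.5.22/32` setting took effect, as an added example that is not part of the original thread: it compares which clients fall inside the Local Network prefix with where each client was actually seen egressing. The function names, public addresses and observations are constructed for illustration, and it assumes the Local Network value acts as a source-prefix selector.

```python
import ipaddress


def expected_tunneled(local_network, clients):
    """Return the clients whose source address falls inside the selector prefix."""
    net = ipaddress.ip_network(local_network, strict=False)
    return {c for c in clients if ipaddress.ip_address(c) in net}


def audit_split_tunnel(local_network, observations, vpn_exit_ip):
    """Return (client, finding) pairs where observed egress disagrees with the selector.

    observations maps each LAN client IP to the public IP it was seen
    egressing from (for example, noted on each device from an IP-echo page).
    """
    should_tunnel = expected_tunneled(local_network, observations)
    findings = []
    for client in sorted(observations, key=ipaddress.ip_address):
        via_vpn = observations[client] == vpn_exit_ip
        if via_vpn and client not in should_tunnel:
            # The thread's symptom: a neighbour on the subnet rides the tunnel.
            findings.append((client, "overreach"))
        elif not via_vpn and client in should_tunnel:
            # The opposite failure: the intended device bypasses the tunnel.
            findings.append((client, "leak"))
    return findings


# Constructed sample data (documentation address ranges, not real endpoints).
VPN_EXIT = "203.0.113.10"
WAN_IP = "198.51.100.7"
BEFORE = {"192.168.5.22": VPN_EXIT, "192.168.5.30": VPN_EXIT, "192.168.5.41": VPN_EXIT}
AFTER = {"192.168.5.22": VPN_EXIT, "192.168.5.30": WAN_IP, "192.168.5.41": WAN_IP}

if __name__ == "__main__":
    for label, obs in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_split_tunnel("192.168.5.22/32", obs, VPN_EXIT))
```

An empty result means only the intended device uses the tunnel; an `overreach` entry reproduces the original complaint, and a `leak` entry means the intended device is going out the WAN instead.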