
Separate VPN for Two VLANS

Discussion in 'Tomato Firmware' started by a5221598, Jun 8, 2014.

  1. a5221598

    a5221598 Network Newbie Member

    I am having a bit of trouble getting a router to work the way I would like it to. It's a Netgear R7000 running Shibby Tomato build 119.

    I have four different VLANs set up, one on each port on the back, and working properly.

    192.168.10.1(br0)
    192.168.20.1(br1)
    194.168.30.1(br2)
    192.168.40.1(br3)

    I have two OpenVPN clients set up. I would like br0 and br1 to be regular internet from the ISP, which they are now with the current setup. I would like br2 to be VPN 1 and br3 to be VPN 2. I can get both br2 and br3 to be either VPN 1 or VPN 2, but not each one to be different.

    Here is what I currently have set up:

    VPN Tunneling > OpenVPN Client > Client 1 > Advanced
    Code:
    persist-key
    persist-tun
    tls-client
    comp-lzo
    verb 1
    
    VPN Tunneling > OpenVPN Client > Client 2 > Advanced

    Code:
    persist-key
    persist-tun
    tls-client
    comp-lzo
    verb 1
    
    Administration > Scripts > Init

    Code:
    mkdir /etc/iproute2
    
    echo -e "#\n\
    # reserved values\n\
    #\n\
    255  local\n\
    254  main\n\
    253  default\n\
    0  unspec\n\
    #\n\
    # local\n\
    #\n\
    #1  inr.ruhep\n\
    # Our custom tables\n\
    10 ETHER" >/etc/iproute2/rt_tables
    
    Administration > Scripts > Firewall

    Code:
    ip rule add from 192.168.10.0/24 table ETHER
    ip rule add from 192.168.20.0/24 table ETHER
    
    ip route flush all table ETHER
    ip route add 127.0.0.0/8 dev lo table ETHER
    ip route add 192.168.10.0/24 dev br0 table ETHER
    ip route add 192.168.20.0/24 dev br1 table ETHER
    ip route add default via 10.10.10.10 dev vlan2 table ETHER
    
    ip route flush cache
    
    iptables -t nat -I POSTROUTING -s 192.168.30.0/255.255.255.0 -o tun11 -j MASQUERADE
    iptables -t nat -I POSTROUTING -s 192.168.40.0/255.255.255.0 -o tun11 -j MASQUERADE
    
    With that firewall script both the 192.168.30.0 (br2) and the 192.168.40.0 (br3) subnets use the VPN from client 1 and it works. I was thinking I could just change the last line so it would be tun12 instead of tun11, but that does not work.

    Is there something simple that I am missing or is there another way I should be going about doing this?
     
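The same policy routing the Firewall script above already does for br0/br1 with the ETHER table, done once per tunnel, as an added example that is not from this thread. Changing only the MASQUERADE line cannot move br3 to tun12, because NAT rewrites the source address after the routing decision has already been made; an "ip rule" plus a per-subnet table is what selects the tunnel. It assumes numeric table ids 11 and 12 (no rt_tables entry needed) and that tun11 and tun12 belong to client 1 and client 2 as the post says.

```shell
#!/bin/sh
# Added example: route one LAN bridge through one OpenVPN tun device by
# giving it a dedicated routing table whose default route is that tunnel.
# Assumed: table ids 11/12 (any unused id works), tun11 = client 1,
# tun12 = client 2. Not part of the original post.

DRY_RUN=${DRY_RUN:-0}

# Execute a command, or only print it when DRY_RUN=1 (handy for checking
# what the Firewall script would do before applying it on the router).
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# route_subnet_via_tun <subnet/cidr> <lan bridge> <tun dev> <table id>
route_subnet_via_tun() {
    # Drop a stale rule first so re-running the Firewall script stays idempotent.
    run ip rule del from "$1" table "$4" 2>/dev/null
    run ip rule add from "$1" table "$4"
    run ip route flush table "$4"
    # Keep local LAN traffic on the bridge; everything else goes into the tunnel.
    # A tun device is point-to-point, so no gateway address is required.
    run ip route add "$1" dev "$2" table "$4"
    run ip route add default dev "$3" table "$4"
    run ip route flush cache
    # NAT the subnet behind the tunnel address; -o must match the table's device.
    run iptables -t nat -I POSTROUTING -s "$1" -o "$3" -j MASQUERADE
}

# The layout asked about: br2 -> VPN client 1 (tun11), br3 -> VPN client 2 (tun12).
configure_vpn_vlans() {
    route_subnet_via_tun 192.168.30.0/24 br2 tun11 11
    route_subnet_via_tun 192.168.40.0/24 br3 tun12 12
}

# Apply only when asked explicitly (e.g. "sh vpn-vlans.sh apply" from the
# Firewall script); otherwise just define the functions.
if [ "${1:-}" = apply ]; then
    configure_vpn_vlans
fi
```

Run it with DRY_RUN=1 first to review the exact ip/iptables commands it would issue; the client 1 and client 2 tunnels must be up (tun11/tun12 present) before the default routes can be added.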
  2. a5221598

    a5221598 Network Newbie Member

    Bump, any ideas?
     
