Can you set up only specific IP addresses to use a VPN?

I have a mediaplayer on a specific local IP. I have a videogames console on another IP in my network. Both have a static IP. I want to use a VPN service on the mediaplayer so that I can watch Netflix in another region. Is it possible to set up the Turris to direct all traffic from a specific IP address through a VPN? A SmartDNS service is no option to me sadly, as I have an ipv6 address.

You could put your media player on a different subnet and then do something like this: Limit OpenVPN to one subnet - #5 by robertsearle - Network and Wireless Configuration - OpenWrt Forum

Yes. There are multiple ways you can do this, but the way I’ve done it is by using multiple routing tables combined with OpenVPN’s up/down scripts to add the necessary entries to the routing table.

On my setup, I’m doing the whole “different subnet” thing, but you can easily adapt it to a single IP by just changing the routing policy. I’ve tried to adjust my instructions to your case, but I may have missed something.



if [ -n $REMIP ]; then
        ip route flush table forcevpn
        ip route add default dev $dev via $REMIP table forcevpn
        ip route flush cache

ip route flush table forcevpn

In /etc/iproute2/rt_tables, add 100 forcevpn (or a different number if 100 is already taken).

In /etc/rc.local, add (before the exit):

# This one should be the IP of the thing you're trying to route through the VPN
ip rule add from priority 10 table forcevpn
# This one should match your LAN subnet
ip route add dev br-ports.1 table forcevpn

Finally, in the OpenVPN config, add these:

script-security 2
up /path/to/
down /path/to/

Hope that helps!

1 Like