Running multiple VPNs

Hey folks,

Is it possible to run multiple VPNs on a Turris Omnia and route different devices through different VPNs when they hit the WAN?

My use case is to run a work VPN for my dedicated work computers, another VPN for my kids streaming content, and a third VPN for my partner’s phone back home. Some of these devices will allow running a VPN directly on them, but not all. Chromecast, locked work computer, Google Home, etc.

Just wondering if anyone has already done this before I start investigating in earnest.

Thanks

Duncan


I did a similar thing without using policy-based routing. I tried it but couldn’t make it work so I solved it using route tables and VLANs, and found it to be much simpler and easier to reason about.

Essentially, for each VPN you’ll have one “wan” interface and one “lan” interface tied to a VLAN.

You can bridge specific wifi SSIDs to each of these VLANs if required. Once you have that set up, you just need to route packets through the VPNs.

For example, say you have allocated VLAN 30 to one of these VPNs, and the interfaces are called tun30 (vpn/wan - this will be created by the VPN software/connection; for OpenVPN you might need to create an Unmanaged interface in LuCI/uci and point to it) and vpnlan30 (vpn/lan, possibly including wifi interfaces bridged to it). You need 2 things in your network config:

config route
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '30'
	option interface 'tun30'

This creates a route table called 30 (I usually use the VLAN ID for this) where everything is routed to and from the tun30 interface, which is connected to the VPN endpoint.

With that set up, you need a rule to make packets that arrive on vpnlan30 use that route table:

config rule
	option in 'vpnlan30'
	option dest '0.0.0.0/0'
	option priority '10'
	option lookup '30'

For each of the other VPNs, create a new VLAN and the 2 things above.

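The per-VPN recipe above (one route table, one policy rule, repeated for each VLAN) is easy to script. The shell function below is an added example written for this thread, not the poster's own configuration: it emits the /etc/config/network stanzas for a given VLAN/table ID and adds one thing the reply does not mention, a leak guard. With only the rule and the tun30 default route, a VPN outage removes the route from table 30, the lookup finds nothing, and the kernel falls through to the main table, so the "VPN only" devices quietly go out over the plain WAN. An `unreachable` catch-all in the same table, attached to the always-up vpnlan30 side with a worse metric, makes that lookup fail closed instead. The interface names tunNN/vpnlanNN follow the reply; the section names, the metric value and the use of `option type 'unreachable'` as the guard are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread): generate the OpenWrt/Turris
# UCI stanzas for one policy-routed VPN, table ID == VLAN ID as in the reply.
# Assumed: tun$N is the VPN side, vpnlan$N the LAN side (both per the reply);
# the 'unreachable' guard route and the metric 1000 are this example's choice.

# Print the /etc/config/network stanzas for VLAN / route table ID $1.
vpn_policy_config() {
    vlan="$1"
    case "$vlan" in
        ''|*[!0-9]*) echo "vlan id must be numeric" >&2; return 1 ;;
    esac
    # Tables 253-255 are reserved (default/main/local); keep IDs below that.
    if [ "$vlan" -lt 1 ] || [ "$vlan" -gt 252 ]; then
        echo "vlan id out of range (1-252)" >&2
        return 1
    fi
    cat <<EOF
# VPN $vlan: default route inside table $vlan via the tunnel interface
config route 'vpn${vlan}_default'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '$vlan'
	option interface 'tun$vlan'

# Leak guard (assumption of this example): when tun$vlan is down its route
# disappears; this worse-metric catch-all keeps the lookup in table $vlan
# from coming up empty and falling through to the main table / plain WAN.
config route 'vpn${vlan}_guard'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '$vlan'
	option interface 'vpnlan$vlan'
	option type 'unreachable'
	option metric '1000'

# Policy rule: traffic entering on vpnlan$vlan consults table $vlan first
config rule 'vpn${vlan}_rule'
	option in 'vpnlan$vlan'
	option dest '0.0.0.0/0'
	option priority '10'
	option lookup '$vlan'

EOF
}

# Usage: ./vpn_policy.sh 30 40 50 >> /etc/config/network
for v in "$@"; do
    vpn_policy_config "$v" || exit 1
done
```

After appending the output to /etc/config/network and running `/etc/init.d/network reload`, check the result with `ip rule show` (the priority-10 rule should list `iif vpnlan30 lookup 30`) and `ip route show table 30`; with the tunnel down, the table should show only the `unreachable default` entry, and a ping from a device on the VLAN should get "Destination unreachable" rather than a reply via the ISP path. Bear in mind that this guard only covers traffic matched by the rule, so keep the LAN-side firewall zone for each VLAN from forwarding to the WAN zone directly as well.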

Thanks.

I will investigate both routes.

Cheers, D

