alexksso/Route subnet to VPN

## Route subnet to VPN
# based on https://community.ui.com/questions/1113ae63-b78c-497f-b410-ba300854b8ba #
sudo -i configure

# 1 Setup the VPN tunnels
set interfaces openvpn vtun0 config-file /config/openvpn/uk55.nordvpn.com.udp1194.ovpn
set interfaces openvpn vtun0 description 'UK OpenVPN VPN tunnel'
set interfaces openvpn vtun1 config-file /config/openvpn/us710.nordvpn.com.udp1194.ovpn
set interfaces openvpn vtun1 description 'US OpenVPN VPN tunnel'
commit

# 2 Route the appropriate devices though the related VPN tunnels
set service nat rule 5000 description 'OpenVPN UK Clients'
set service nat rule 5000 log disable
set service nat rule 5000 outbound-interface vtun0
set service nat rule 5000 source address 10.0.1.0/28
set service nat rule 5000 type masquerade
set service nat rule 5001 description 'OpenVPN US Clients'
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface vtun1
set service nat rule 5001 source address 10.0.2.0/28
set service nat rule 5001 type masquerade
set service nat rule 5002 description 'All other clients'
set service nat rule 5002 log disable
set service nat rule 5002 outbound-interface eth0
set service nat rule 5002 source address 10.0.0.0/27
set service nat rule 5002 type masquerade

# 3 Create a static route using interface vtun0 as next-hop:
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
set protocols static table 2 interface-route 0.0.0.0/0 next-hop-interface vtun1
commit

# 4 Create a firewall modify rule for each host you want to route through the Open VPN tunnel.
set firewall modify OPENVPN-UK rule 10 description 'Route UK VPN network to vtun0'
set firewall modify OPENVPN-UK rule 10 source address 10.0.1.0/28
set firewall modify OPENVPN-UK rule 10 modify table 1
set firewall modify OPENVPN-US rule 20 description 'Route US VPN Network - to vtun1'
set firewall modify OPENVPN-US rule 20 source address 10.0.2.0/28 set firewall modify OPENVPN-US rule 20 modify table 2
commit

# 5 Apply the firewall modify rule "in" to your LAN interface.
set interfaces ethernet eth1 vif 10 firewall in modify OPENVPN-UK
set interfaces ethernet eth1 vif 20 firewall in modify OPENVPN-US

commit
save
exit
	# based on https://community.ui.com/questions/1113ae63-b78c-497f-b410-ba300854b8ba #
	sudo -i configure

	# 1 Setup the VPN tunnels
	set interfaces openvpn vtun0 config-file /config/openvpn/uk55.nordvpn.com.udp1194.ovpn
	set interfaces openvpn vtun0 description 'UK OpenVPN VPN tunnel'
	set interfaces openvpn vtun1 config-file /config/openvpn/us710.nordvpn.com.udp1194.ovpn
	set interfaces openvpn vtun1 description 'US OpenVPN VPN tunnel'
	commit

	# 2 Route the appropriate devices though the related VPN tunnels
	set service nat rule 5000 description 'OpenVPN UK Clients'
	set service nat rule 5000 log disable
	set service nat rule 5000 outbound-interface vtun0
	set service nat rule 5000 source address 10.0.1.0/28
	set service nat rule 5000 type masquerade
	set service nat rule 5001 description 'OpenVPN US Clients'
	set service nat rule 5001 log disable
	set service nat rule 5001 outbound-interface vtun1
	set service nat rule 5001 source address 10.0.2.0/28
	set service nat rule 5001 type masquerade
	set service nat rule 5002 description 'All other clients'
	set service nat rule 5002 log disable
	set service nat rule 5002 outbound-interface eth0
	set service nat rule 5002 source address 10.0.0.0/27
	set service nat rule 5002 type masquerade

	# 3 Create a static route using interface vtun0 as next-hop:
	set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
	set protocols static table 2 interface-route 0.0.0.0/0 next-hop-interface vtun1
	commit

	# 4 Create a firewall modify rule for each host you want to route through the Open VPN tunnel.
	set firewall modify OPENVPN-UK rule 10 description 'Route UK VPN network to vtun0'
	set firewall modify OPENVPN-UK rule 10 source address 10.0.1.0/28
	set firewall modify OPENVPN-UK rule 10 modify table 1
	set firewall modify OPENVPN-US rule 20 description 'Route US VPN Network - to vtun1'
	set firewall modify OPENVPN-US rule 20 source address 10.0.2.0/28 set firewall modify OPENVPN-US rule 20 modify table 2
	commit

	# 5 Apply the firewall modify rule "in" to your LAN interface.
	set interfaces ethernet eth1 vif 10 firewall in modify OPENVPN-UK
	set interfaces ethernet eth1 vif 20 firewall in modify OPENVPN-US

	commit
	save
	exit