Ubiquiti EdgeOS commands to route specific LAN subnets to VPN tunnels
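# based on https://community.ui.com/questions/1113ae63-b78c-497f-b410-ba300854b8ba
#
# EdgeOS (Ubiquiti EdgeRouter) configure-mode transcript: policy-route two LAN
# /28 subnets out through two OpenVPN tunnels and everything else out of eth0.
# Paste into an interactive session; each 'commit' applies the section above it
# and 'save' persists the running config to /config.
#
# Addressing used below (adjust to your LAN):
#   10.0.1.0/28 -> vtun0 (UK), arrives on eth1 vif 10
#   10.0.2.0/28 -> vtun1 (US), arrives on eth1 vif 20
#   10.0.0.0/27 -> eth0 (normal WAN path)
sudo -i configure
# 1 Setup the VPN tunnels.
#   The .ovpn files (including their credentials) must already exist under
#   /config/openvpn; they are not created by this script.
set interfaces openvpn vtun0 config-file /config/openvpn/uk55.nordvpn.com.udp1194.ovpn
set interfaces openvpn vtun0 description 'UK OpenVPN VPN tunnel'
set interfaces openvpn vtun1 config-file /config/openvpn/us710.nordvpn.com.udp1194.ovpn
set interfaces openvpn vtun1 description 'US OpenVPN VPN tunnel'
commit
# 2 Masquerade each client group behind its egress interface.
#   Rules 5000/5001 only match the VPN subnets; 5002 is the catch-all for the
#   remaining LAN range via eth0.
set service nat rule 5000 description 'OpenVPN UK Clients'
set service nat rule 5000 log disable
set service nat rule 5000 outbound-interface vtun0
set service nat rule 5000 source address 10.0.1.0/28
set service nat rule 5000 type masquerade
set service nat rule 5001 description 'OpenVPN US Clients'
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface vtun1
set service nat rule 5001 source address 10.0.2.0/28
set service nat rule 5001 type masquerade
set service nat rule 5002 description 'All other clients'
set service nat rule 5002 log disable
set service nat rule 5002 outbound-interface eth0
set service nat rule 5002 source address 10.0.0.0/27
set service nat rule 5002 type masquerade
# 3 Create a default route in each policy table using the tunnel as next-hop.
#   NOTE: an interface-route vanishes while its tunnel is down, and a lookup in
#   a table with no matching route continues to the main table — so VPN clients
#   would then egress unencrypted via eth0 (fail-open). To fail closed instead,
#   add a low-priority blackhole default to each table (confirm on your
#   firmware before relying on it):
#     set protocols static table 1 route 0.0.0.0/0 blackhole distance 255
#     set protocols static table 2 route 0.0.0.0/0 blackhole distance 255
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
set protocols static table 2 interface-route 0.0.0.0/0 next-hop-interface vtun1
commit
# 4 Create a firewall modify rule for each network you want to route through
#   the OpenVPN tunnel. The rule marks matching packets so they are looked up
#   in the policy table from step 3 instead of the main table.
set firewall modify OPENVPN-UK rule 10 description 'Route UK VPN network to vtun0'
set firewall modify OPENVPN-UK rule 10 source address 10.0.1.0/28
set firewall modify OPENVPN-UK rule 10 modify table 1
set firewall modify OPENVPN-US rule 20 description 'Route US VPN Network - to vtun1'
set firewall modify OPENVPN-US rule 20 source address 10.0.2.0/28
# (the two US statements were on one line in the original; the CLI takes one
#  'set' per line, so the 'modify table 2' part was silently lost)
set firewall modify OPENVPN-US rule 20 modify table 2
commit
# 5 Apply the firewall modify rule "in" to each LAN (VLAN) interface, so the
#   mark is set on ingress before the routing decision.
set interfaces ethernet eth1 vif 10 firewall in modify OPENVPN-UK
set interfaces ethernet eth1 vif 20 firewall in modify OPENVPN-US
commit
save
exit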