Hey everyone! I’m new to openWRT but have experience with DD-wrt and asusWRT. I’m trying to figure out how to create a VPN client connection and have the traffic go through only a specific LAN port. Ultimately, I want to have 3 different LAN ports going through 3 different VPN client connections.
I picked up a Linksys EA3500 to play with openWRT for the first time. It doesn’t have the Switch tab in networking and I’ve been following a YT guide that walks through how to setup a VPN tunnel, but it has me going through the Switch tab after creating a VLAN to connect it to the specific eth port.
I’m a bit lost on where or how I attach connections to eth ports without the Switch tab. I do see eth1, eth2, eth3, and eth4 as Devices though if that helps?
Thanks!
if you don’t have a switch page that means there is no internal switch, so vlans are set on the kernel level with the network config by writing devices with the VLAN tag in dot notation
example
changing lan1 to lan1.10 for VLAN 10
on newer versions of Openwrt there is a page for this under network - interfaces - devices tab
Awesome thanks so much!! I’ll give this a shot and see how it goes.
So for example, to have a VPN on its own VLAN attached to eth4 it might look like this?
- Create the VPN to tunnel tun0
- Create internet.10 and eth4.10 and have tun0 connected to VLAN 10
- Remove eth4 from the LAN so it only gets tunneled connections
- Plug into Ethernet port 4 and the device would be in the tunnel?
What’s about an ISP connection from an ONT (CenturyLink fiber) where I want to eliminate their gateway and only use my openwrt router? The only thing required to make internet work with the ONT is that the WAN port needs to be on VLAN 201, so I’m guessing it would look like this?
- Create internet.201 for the WAN port
- Create br-lan.201 for the bridged LAN connection
- Add eth0.201-eth4.201 and internet. 201 as members to br-lan.201 (or removing eth4.201 from the group if creating VLAN 10 as outlined above)
I feel like I’m either getting the picture, or I’m completely missing the mark 
sounds ok although I’ve never done it before
there’s no creating internet.10 or internet.201, just edit the existing WAN and LAN interfaces and make a new one called like VPN, the dot notation can only be applied to kernel level devices (listed in terminal with the command ifconfig)
you would make an interface that bridges together tun0 and eth4.10 as unmanaged, and remove eth4 from lan
you want the interface to be in the LAN firewall zone, not to be confused with the lan interface
also keep in mind that the numbers of ethX might not correspond with the port numbers on the case
