Wi-Fi network that routes through a VPN connection?

Hey y’all, is it possible to have a Wi-Fi network that routes any traffic connected to the Wi-Fi network through a VPN connection that is set up on a UDM Pro? If that is possible, what’s the term for that type of routing?

To avoid this being an XY problem, here’s the background. When I try to watch certain streaming providers, I’ve noticed that the connection either gets QoS’d or throttled by my ISP; just browsing the streaming provider’s regular site takes ages to load images and content when I can have other more intensive sites loading up quicker. However, when I access the same streaming services and site through a VPN there’s no issue. If you guessed that I’m in a rural city without a lot of ISP choices you’d also be correct, which is why I’m trying to find a workaround. I’m pretty neighborly in terms of my traffic usage for those of you who also work at an ISP - I set my heavy downloading for Steam games and other services I use to download content to start at 11PM and stop in the mornings.

I’ve seen that there’s a way to route traffic through a VPN, and if that’s my only solution I’ll implement that through either my VPN provider or set up a VPN with AWS, but I only need my two streaming devices to route their traffic through a VPN (and thus why I only want a specific Wi-Fi network to route traffic through a VPN and not all my traffic). I just need to know if it’s possible, and if it is, what’s the term I need to do my research on to implement it.

This is what I use. I have a Wi-Fi network connected to a separate VLAN that routes through my OpenVPN connection provided by ExpressVPN. Any device connected to that Wi-Fi goes through the VPN connection.

GitHub - peacey/split-vpn: A split tunnel VPN script for Unifi OS routers (UDM, UXG, UDR) with policy based routing.

The term you are looking for is “policy based routing”. Policy routing is handled before consulting the routing table, so it can direct traffic out specific interfaces even though that would not be the outcome if the routing table is consulted.

I don’t know if UniFi’s routers have policy routing or not. If they do, you should be able to accomplish what you desire.
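As an added illustration of the term (not part of any poster's reply and not taken from the split-vpn project), this is how policy-based routing for one VLAN looks on a generic Linux router with iproute2. The interface names `br20` and `tun0`, the subnet `192.168.20.0/24` and table number `200` are constructed assumptions; the function only prints the commands so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example: policy-based routing for a single VLAN (dry run).
# Assumed, constructed names: br20 = streaming VLAN bridge,
# 192.168.20.0/24 = its subnet, tun0 = VPN client interface,
# 200 = dedicated routing table.

pbr_commands() {
    lan_if=$1; subnet=$2; vpn_if=$3; table=$4

    # Refuse non-numeric and reserved tables
    # (0 = unspec, 253 = default, 254 = main, 255 = local).
    case $table in
        ''|*[!0-9]*|0|253|254|255)
            echo "bad table: $table" >&2
            return 1 ;;
    esac

    # 1. Dedicated table whose default route is the VPN tunnel.
    echo "ip route replace default dev $vpn_if table $table"

    # 2. Fail closed: when the tunnel drops, its route disappears and this
    #    higher-metric entry rejects traffic instead of leaking it via the WAN.
    echo "ip route replace unreachable default metric 1000 table $table"

    # 3. Keep local destinations (other VLANs, a LAN DNS server) reachable:
    #    consult main first but ignore its default route (prefix length 0).
    echo "ip rule add from $subnet iif $lan_if lookup main suppress_prefixlength 0 priority 900"

    # 4. The policy rule itself: evaluated before the normal main-table
    #    lookup (priority 32766), so the VLAN's traffic uses table $table.
    echo "ip rule add from $subnet iif $lan_if lookup $table priority 1000"

    # 5. Source-NAT the VLAN behind the tunnel address.
    echo "iptables -t nat -A POSTROUTING -s $subnet -o $vpn_if -j MASQUERADE"
}

# Print the plan for the assumed streaming VLAN.
pbr_commands br20 192.168.20.0/24 tun0 200
```

After applying, `ip rule show` and `ip route show table 200` confirm the rule order and the fail-closed route.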

UniFi will be implementing (if all goes well) this, see https://youtu.be/tDG3HHFebxE

It’s available soon. It’s still somewhat limited (only OpenVPN is supported). But it’s coming.

Might need something more powerful like pfSense.

I wonder if you could create a WiFi SSID with a separate VLAN that has the VPN as the gateway?

You can do this on pfSense or OPNsense. I actually have a UniFi Wi-Fi network that is routed on VPN at all times. I have 3 others for general use, guest, and IoT devices.

If you have updated the firmware to 2.5.16 and use the Web UI, you will see a new function called VPN Client under the VPN menu. Haven’t tried it yet, but this is to connect to a VPN provider and have all your traffic routed through it.

Excellent question and answers! I too am rural using cellular links with throttled streaming.

Guess I’m buying a UDM. I currently have an ASUS as my VPN network because I couldn’t get this to work using just my USG. Thank you for asking this question.

Have you tested using DNS other than the ISP’s, or a DNS sinkholing device or service, to see if that helps?

pfSense allows for source-based routing - open source firewall software

I think you can also target a specific device instead of a whole network but I haven’t tried it

I use the same and it works well for me too!

Perfect, thank you so much!

Thank you for posting this, I’m about to set up some UniFi equipment at my home in about a month and I’ve been looking for a solution like this.

Ah thank you for the term!

Unfortunately it seems Apple TV doesn’t allow for a VPN to be set up on the device itself.

I may give pfSense a shot then; that did also remind me that at an old job we did what I’m trying to accomplish with Meraki, so I’ll see if that also gives me any ideas.

I haven’t tinkered enough to see if that’s possible but definitely a good idea, thank you!

Hi, can’t find it. Is it under the old or new user interface? A print screen would be really helpful. Thx!

I’ve never used the ISP’s DNS servers. I have a Pi-Hole setup and use that for my network’s DNS, I appreciate the idea!

I may give pfSense a shot, thank you.