Routing traffic via VPN Tunnels

Overview

Untangle SD-WAN Router can route traffic over VPN tunnels based on a variety of conditions. For example, you can send traffic from a specific local network via a tunnel, or you can send traffic belonging to a category of applications via a tunnel. To route custom defined traffic over VPN tunnels you must configure a WAN Policy for the VPN interface and corresponding WAN Rules to define what types of traffic to send via the tunnel.

Configuring the VPN Tunnel
As a first step, ensure that you have a working VPN tunnel by confirming that the tunnel state is connected and has a valid IP address. See Configuring WireGuard VPN tunnels or Adding OpenVPN tunnels for setup and configuration details.
Note: Your VPN interface must be configured as a WAN Interface.

610-1.png

Adding a WAN Policy
Before you can configure the specific types of traffic to send via the VPN tunnel you must configure a WAN Policy for your VPN interface. Note: As of version 3.0, SD-WAN Router automatically creates a WAN Policy for VPN interfaces.

To configure a WAN Policy:

  1. Go to Settings > Network > WAN Policies.
  2. Click Add WAN Policy.
  3. Enter a description.
  4. For the Type, choose Specific WAN
  5. Select your VPN interface in the WAN drop-down.
  6. Click Save to confirm the new policy.

610-2.png

Adding a WAN Rule
WAN Rules specify how to route traffic through your WAN interfaces via WAN policies. To configure the type of traffic you wish to send through a VPN tunnel you must create at least one WAN Rule. To configure a WAN Rule for routing over a VPN tunnel:

  1. Go to Settings > Network > WAN Rules.
  2. Click Add Rule.
  3. Choose Conditions that match the traffic type you would like to send across the tunnel.
  4. For the Action, choose the WAN Policy you created in the previous step.
  5. Click Save to create the rule.

Example - Full tunnel routing
The following WAN Rule sends all traffic from the source interface zone LAN via the tunnel.

610-3.png

Example - Routing for an application category
The following WAN Rule sends all traffic from the client interface zone LAN that is categorized as Web Services via the tunnel.

610-4.png

Follow
Was this article helpful?
5 out of 6 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk