Untangle SD-WAN Router can route traffic over VPN tunnels based on a variety of conditions. For example, you can send traffic from a specific local network via a tunnel, or you can send traffic belonging to a category of applications via a tunnel. To route custom defined traffic over VPN tunnels you must configure a WAN Policy for the VPN interface and corresponding WAN Rules to define what types of traffic to send via the tunnel.
Configuring the VPN Tunnel
As a first step, ensure that you have a working VPN tunnel by confirming that the tunnel state is connected and has a valid IP address. See Adding VPN tunnels for setup and configuration details.
Note: Your VPN interface must be configured as a WAN Interface.
Adding a WAN Policy
Before you can configure the specific types of traffic to send via the VPN tunnel you must configure a WAN Policy for your VPN interface. To configure a WAN Policy:
- Go to Configuration > WAN Policies
- Click Add
- Enter a description
- For the Type, choose Specific WAN
- Select your VPN interface
- Click Add, then Save to confirm the new policy
Adding a WAN Rule
WAN Rules specify how to route traffic through your WAN interfaces via WAN policies. To configure the type of traffic you wish to send through a VPN tunnel you must create at least one WAN Rule. To configure a WAN Rule for routing over a VPN tunnel:
- Go to Configuration > WAN Rules
- Click Create new Rule
- In the Condition, specify what type of traffic you want to send over the tunnel.
IMPORTANT - It is recommended to add a condition to set the "source" interface type as LAN to ensure that SD-WAN Router does not send traffic over the VPN tunnel.
- For the Action, choose WAN Policy
- Select the VPN policy you created in the previous step
- Click Create Rule
- Move the rule to the top of the list and click save
Example - Full tunnel routing
The following WAN Rule sends all traffic from the source interface zone LAN via the tunnel.
Example - Routing for an application category
The following WAN Rule sends all traffic from the client interface zone LAN that is categorized as Web Traffic via the tunnel.