Untangle SD-WAN Router can route traffic over VPN tunnels based on a variety of conditions. For example, you can send traffic from a specific local network via a tunnel, or you can send traffic belonging to a category of applications via a tunnel. To route custom-defined traffic over VPN tunnels, you must configure a WAN Policy for the VPN interface and corresponding WAN Rules that define which types of traffic to send via the tunnel.
Configuring the VPN Tunnel
As a first step, ensure that you have a working VPN tunnel by confirming that the tunnel state is connected and has a valid IP address. See Configuring WireGuard VPN tunnels or Adding OpenVPN tunnels for setup and configuration details.
Note: Your VPN interface must be configured as a WAN Interface.
Adding a WAN Policy
Before you can configure the specific types of traffic to send via the VPN tunnel, you must configure a WAN Policy for your VPN interface. Note: As of version 3.0, SD-WAN Router automatically creates a WAN Policy for VPN interfaces.
To configure a WAN Policy:
- Go to Settings > Network > WAN Policies.
- Click Add WAN Policy.
- Enter a description.
- For the Type, choose Specific WAN.
- Select your VPN interface in the WAN drop-down.
- Click Save to confirm the new policy.
Adding a WAN Rule
WAN Rules specify how to route traffic through your WAN interfaces via WAN policies. To configure the type of traffic you wish to send through a VPN tunnel, you must create at least one WAN Rule. To configure a WAN Rule for routing over a VPN tunnel:
- Go to Settings > Network > WAN Rules.
- Click Add Rule.
- Choose Conditions that match the traffic type you would like to send across the tunnel.
- For the Action, choose the WAN Policy you created in the previous step.
- Click Save to create the rule.
Example - Full tunnel routing
The following WAN Rule sends all traffic from the source interface zone LAN via the tunnel.
Example - Routing for an application category
The following WAN Rule sends all traffic from the client interface zone LAN that is categorized as Web Services via the tunnel.