Routing traffic via VPN Tunnels


Untangle SD-WAN Router can route traffic over VPN tunnels based on a variety of conditions. For example, you can send traffic from a specific local network via a tunnel, or you can send traffic belonging to a category of applications via a tunnel. To route custom-defined traffic over VPN tunnels, you must configure a WAN Policy for the VPN interface and corresponding WAN Rules that define which types of traffic to send via the tunnel.

Configuring the VPN Tunnel
As a first step, ensure that you have a working VPN tunnel by confirming that the tunnel state is connected and has a valid IP address. See Configuring WireGuard VPN tunnels or Adding OpenVPN tunnels for setup and configuration details.
Note: Your VPN interface must be configured as a WAN Interface.


Adding a WAN Policy
Before you can configure the specific types of traffic to send via the VPN tunnel you must configure a WAN Policy for your VPN interface. Note: As of version 3.0, SD-WAN Router automatically creates a WAN Policy for VPN interfaces.

To configure a WAN Policy:

  1. Go to Configuration > WAN Policies
  2. Click Add
  3. Enter a description
  4. For the Type, choose Specific WAN
  5. Select your VPN interface
  6. Click Add, then Save to confirm the new policy


Adding a WAN Rule
WAN Rules specify how to route traffic through your WAN interfaces via WAN policies. To configure the type of traffic you wish to send through a VPN tunnel you must create at least one WAN Rule. To configure a WAN Rule for routing over a VPN tunnel:

  1. Go to Configuration > WAN Rules
  2. Click Create new Rule
  3. In the Condition, specify what type of traffic you want to send over the tunnel.
    IMPORTANT - It is recommended to add a condition that sets the "source" interface type to LAN, so that the rule matches only traffic arriving from the LAN and SD-WAN Router does not send its own traffic over the VPN tunnel.
  4. For the Action, choose WAN Policy
  5. Select the VPN policy you created in the previous step
  6. Click Create Rule
  7. Move the rule to the top of the list and click Save

Example - Full tunnel routing
The following WAN Rule sends all traffic from the source interface zone LAN via the tunnel.


Example - Routing for an application category
The following WAN Rule sends all traffic from the client interface zone LAN that is categorized as Web Traffic via the tunnel.
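
The sketch below is an added example, not part of the original article or of SD-WAN Router itself. It models the two example rules above to show why the LAN source condition and the rule's position in the list matter. It assumes top-down, first-match evaluation (suggested by the "move the rule to the top" step) and reads the IMPORTANT note as referring to router-originated traffic; the class names, the "LOCAL" zone label, and the "ISP" and "Default WAN" policy names are hypothetical.

```python
from dataclasses import dataclass, field

# Simplified model, not SD-WAN Router's rule engine. Assumptions: rules are
# evaluated top-down, the first match wins, and a rule matches when every
# condition it sets equals the flow's attribute. All names are illustrative.

@dataclass
class Flow:
    source_zone: str        # "LAN" = client traffic; "LOCAL" = router's own (constructed label)
    app_category: str = ""  # e.g. "Web Traffic"

@dataclass
class WanRule:
    description: str
    policy: str             # WAN Policy chosen as the rule's Action
    conditions: dict = field(default_factory=dict)

    def matches(self, flow: Flow) -> bool:
        # A rule with no conditions matches every flow.
        return all(getattr(flow, key) == want for key, want in self.conditions.items())

def select_policy(rules, flow, default="Default WAN"):
    """Return the policy of the first matching rule, else the default."""
    for rule in rules:
        if rule.matches(flow):
            return rule.policy
    return default

# The two examples from the page, plus two misconfigurations (all constructed).
FULL_TUNNEL = [WanRule("Full tunnel", "VPN", {"source_zone": "LAN"})]
WEB_ONLY = [WanRule("Web via tunnel", "VPN",
                    {"source_zone": "LAN", "app_category": "Web Traffic"})]
NO_SOURCE = [WanRule("Everything via tunnel", "VPN")]  # LAN condition missing
SHADOWED = [WanRule("LAN via ISP", "ISP", {"source_zone": "LAN"})] + WEB_ONLY  # VPN rule not on top

if __name__ == "__main__":
    cases = [
        ("full tunnel, LAN client", FULL_TUNNEL, Flow("LAN", "Web Traffic")),
        ("full tunnel, router's own", FULL_TUNNEL, Flow("LOCAL")),
        ("no LAN condition, router's own", NO_SOURCE, Flow("LOCAL")),
        ("web only, non-web LAN flow", WEB_ONLY, Flow("LAN", "Streaming")),
        ("VPN rule below broader rule", SHADOWED, Flow("LAN", "Web Traffic")),
    ]
    for label, rules, flow in cases:
        print(f"{label:32} -> {select_policy(rules, flow)}")
```
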

