Business Community > Gateways > er8411 - third-party vpn (client) as gateway for vlan
< Gateways

er8411 - third-party vpn (client) as gateway for vlan

er8411 - third-party vpn (client) as gateway for vlan

er8411 - third-party vpn (client) as gateway for vlan
er8411 - third-party vpn (client) as gateway for vlan
2025-11-07 07:35:51 - last edited 2025-11-13 07:42:09
Tags: #VPN #VLAN & Multi-Networks #Presales
Model: ER8411  
Hardware Version:
Firmware Version:

Hi!

I'm thinking about an er8411 to replace my opnsense-box. For this to happen I do need to have vpn-tunnels being configured as gateways for some vlans. 

Mr. Google told me that this isn't possible!? There is no policy-based routing!? Each device has to be configured to use a vpn-tunnel as a gateway?

I would need at least two vpn-connections with five vlans being routed through this (one vpn per vlan but two/three vlans per vpn). 

 

Can this be done?

Kind regards,

  0      
 
  0      
 
#1
Options
1 Accepted Solution
Re:er8411 - third-party vpn (client) as gateway for vlan-Solution
2025-11-12 05:53:22 - last edited 2025-11-13 07:42:09

  @DerTom 

 

yes it is possible if you use openvpn, it is correct as you say there is no policy route on Openvpn or wireguard but with openvpn you can define which vlan should be included in the tunnel, you can also define up to 5 networks in custom ip settings, one network can consist of a single ip /32 or a larger network /24 or /23 you decide.

 

 

 

 

Recommended Solution
  0  
  0  
#3
Options
3 Reply
Re:er8411 - third-party vpn (client) as gateway for vlan
2025-11-11 19:03:30

I take the silence as no not possible...

  0  
  0  
#2
Options
Re:er8411 - third-party vpn (client) as gateway for vlan-Solution
2025-11-12 05:53:22 - last edited 2025-11-13 07:42:09

  @DerTom 

 

yes it is possible if you use openvpn, it is correct as you say there is no policy route on Openvpn or wireguard but with openvpn you can define which vlan should be included in the tunnel, you can also define up to 5 networks in custom ip settings, one network can consist of a single ip /32 or a larger network /24 or /23 you decide.

 

 

 

 

Recommended Solution
  0  
  0  
#3
Options
Re:er8411 - third-party vpn (client) as gateway for vlan
Saturday - last edited Saturday

@MR.S 

 

I was able to get it but only for ONE LAN/VLAN. It doesn't work for several VLAN's.
It happens because when the openvpn connection is established, my ER8411 router, with 1.3.6 firmware, automatically creates follow routes:
For example:

 

3 10.100.0.0 255.255.240.0 0.0.0.0 NordVPN 0
4 103.86.96.100 255.255.255.255 0.0.0.0 NordVPN 0
5 103.86.99.100 255.255.255.255 0.0.0.0 NordVPN 0
15 0.0.0.0           0.0.0.0            10.100.0.1 NordVPN

 

So this client works great for my first VLAN

 

But for second OpenVPN client it creates only 3 routes

 

2 10.8.8.0 255.255.255.0 0.0.0.0 Surfshark 0
6 149.154.159.92 255.255.255.255 0.0.0.0 Surfshark 0
7 162.252.172.57 255.255.255.255 0.0.0.0 Surfshark 0

 

The problem is i can't manually create extra route to make it similar. The router doesn't allow me to do so.
A result the second VLAN lived without internet if Surfshark is enabled.

Local Network indicated for each OpenVPN client is correct.

  0  
  0  
#4
Options

Information

Helpful: 0

Views: 349

Replies: 3

Tags

VPN VLAN & Multi-Networks Presales
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.