- This topic has 99 replies, 8 voices, and was last updated 5 years, 8 months ago by
.
-
Posts
-
GrahamRHK – 12 hours ago »
Quote:It should be easy to route traffic from a particular device, or traffic to and from specific sites around the VPN.This is indeed correct. I have been experimenting – being intrigued by this problem. I have set up a permanent VPN tunnel to NordVPN in the router. Then used Route Policy settings in the Draytek 2862 router to force HUMAX traffic over the WAN while allowing other connected devices (eg this computer that I am posting from) to use the VPN tunnel. All works perfectly. I think the problem again relates to DNS settings. NordVPN blocks access to many ISP supplied DNS servers (NordVPN FAQ) and uses its own – 103.86.96.100 and 103.86.99.100. So if the HUMAX thinks the DNS servers are different from those it won’t work – nor will this computer unless I set DNS servers to those addresses, as I discovered.
Hope that helps
Thanks for this Graham – this sounds like it’s exactly what I need, as, so far, all of the route policies set up by Draytek tech support have failed. By this, I mean that I cannot access any catch-up sevice from the Humax whilst the VPN is active.
Since then, I’ve bought a new Smart TV, and found that I can’t access any services like YouTube or YouView catch-up whilst the VPN is active. As soon as it’s off – all works as it should.
Therefore, I can see that the only way to make this work, is to have the IP addresses of the Humax box and the TV separated from the VPN, but still haven’t been able to set-up the router to actually do this!
Many thanks
I have put here a link to a screen shot of my routing table. The first entry is this macbook – accessing the tunnel. The next is for fixed IP devices on my local network. The next two are my HUMAX.
https://drive.google.com/file/d/1ykJwcfeH-0RDkQQf6X6sp9uzwKdcShzA/view?usp=sharing
I have posted the link this way because uploads to this forum don’t seem to work for me.
Is this feasible?
Your router has (let’s say) 5 ethernet ports on the back.
Is it possible to specify a specific port to be exempt or bypassing the VPN? If so, perhaps you can then use a set of homeplugs or repeaters that use that specific port and let everything else use the rest?
GrahamRHK – 7 hours ago »
I have put here a link to a screen shot of my routing table. The first entry is this macbook – accessing the tunnel. The next is for fixed IP devices on my local network. The next two are my HUMAX.
https://drive.google.com/file/d/1ykJwcfeH-0RDkQQf6X6sp9uzwKdcShzA/view?usp=sharing
I have posted the link this way because uploads to this forum don’t seem to work for me.
SOLVED
Thanks Graham for the screenshot. I could only see the summary route policy screen, but I’ve just come off the phone from Draytek support and finally spoken to a tech that did what I asked, and it works!
He went about slightly differently.
1 – He set up the two streaming devices as “IP objects” within the Objects Setting menu. Each of the two devices was created as an object.
2 – An object group was then created and given a name. Both IP objects were moved into the group – effectively creating a bubble that was going to be treated differently.
3 – Then, two new route policies were created. One for the IP group, that was directed down WAN1, and everything else, that was directed down the VPN.
Everything now works as intended. The Humax loads up all of the apps and streams as it does when the VPN is off. The Sony Smart TV loads up all of it’s apps and streams just fine as it should as well. Eveything else is encrypted through the VPN, which is just what I wanted.
One would imagine that the inverse could be set-up for ex-pats to get streaming services from the UK whilst abroad, so that all of the UK content could be set to stream through a UK-based VPN server to try to fool the BBC/ITV and so on.
Result!
Perseverance pays off in the end.
It would appear that what we all thought should be possible is possible after all, it’s just a convoluted set of terminologies instead of just being able to simply assign a policy to a device with a yes/no tag for whether it is routed via the VPN.
Exactly.
I don’t think you could do this with almost any other router, Draytek’s are clearly extremely adaptable and customisable devices. Most ISP supplied router’s could never handle splitting network traffic in this way.
Quote:He went about slightly differently.That is a more elegant way of doing it. But very glad that all is now working for you.
Quote:Most ISP supplied router’s could never handle splitting network traffic in this wayI guess not – nor be able to set up a router based VPN either.
Which raises an interesting question about VPN use. Very useful for mobile devices when out and about connecting to public WiFi. And also useful for expat folks and travellers to get UK based content in other countries. Hiding home IP address gives increased security. Router based VPN good for multiple devices on home network. But that is not a topic for this forum.
GrahamRHK – 1 day ago »
Which raises an interesting question about VPN use. Very useful for mobile devices when out and about connecting to public WiFi. And also useful for expat folks and travellers to get UK based content in other countries. Hiding home IP address gives increased security. Router based VPN good for multiple devices on home network. But that is not a topic for this forum.
Exactly, although some other users clearly don’t get this very basic reason. It’s also useful for encrypting email to/from a local client for the entire local network.
I have found a slight fly in the ointment with the Draytek solution… The router was rebooted after the solution was implemented (not by me), and the Humax/Sony TV stopped working. It took me a little while to realise why they had both stopped streaming.
The solution was simply to change the IP addresses in the IP objects as their IP addresses had changed, and all was well again – but that dang dynamic DHCP is a pain in the derriere sometimes!
Quote:The solution was simply to change the IP addresses in the IP objects as their IP addresses had changed, and all was well again – but that dang dynamic DHCP is a pain in the derriere sometimes!There is a fix for that. In the LAN settings you will find a sub menu “Bind IP to MAC”. The router will always assign your preferred addresses to the devices you want to have, effectively, a fixed IP address – though you are using DHCP.
GrahamRHK – 5 days ago »
Quote:The solution was simply to change the IP addresses in the IP objects as their IP addresses had changed, and all was well again – but that dang dynamic DHCP is a pain in the derriere sometimes!There is a fix for that. In the LAN settings you will find a sub menu “Bind IP to MAC”. The router will always assign your preferred addresses to the devices you want to have, effectively, a fixed IP address – though you are using DHCP.
Thanks Graham – good suggestion.
Have just tried it, and bizarrely, the Sony TV and the Humax box have the same MAC address! Therefore, it would only let me bind one IP address, as it would let the second through with the same MAC.
Still trying to get the bottom of how that could happen, so have just left it with the Humax as the single bound IP address for now – so far, it seems to be working.
rjsdavis – 2 hours ago »
Have just tried it, and bizarrely, the Sony TV and the Humax box have the same MAC address! Therefore, it would only let me bind one IP address, as it would let the second through with the same MAC.
How are you determining the MAC address of the devices?
Martin Liddle – 28 mins ago »
rjsdavis – 2 hours ago »
Have just tried it, and bizarrely, the Sony TV and the Humax box have the same MAC address! Therefore, it would only let me bind one IP address, as it would let the second through with the same MAC.
The MAC addresses are displayed in all tables within the router admin pages, on the main admin page and the ARP cache table amongst others. The router itself determines and displays what they are, and the process of binding the IP to lock it to one particular device, is effectively an automated cut/paste job within the admin tools.
How are you determining the MAC address of the devices?
Quote:Have just tried it, and bizarrely, the Sony TV and the Humax box have the same MAC address! Therefore, it would only let me bind one IP address, as it would let the second through with the same MAC.That surprises me. I thought that MAC addresses have an octet which is manufacturer specific and should be globally unique. (Something else to check – it all adds to personal learning!). The two devices should have a label (back, underside…) with the MAC address(es) printed. If you are getting the info from the router have you tried rebooting it?
Quote:I thought that MAC addresses have an octet which is manufacturer specific and should be globally unique.They are… see here – https://www.geeksforgeeks.org/introduction-of-mac-address-in-computer-network/
GrahamRHK – 1 week ago »
Quote:Have just tried it, and bizarrely, the Sony TV and the Humax box have the same MAC address! Therefore, it would only let me bind one IP address, as it would let the second through with the same MAC.That surprises me. I thought that MAC addresses have an octet which is manufacturer specific and should be globally unique. (Something else to check – it all adds to personal learning!). The two devices should have a label (back, underside…) with the MAC address(es) printed. If you are getting the info from the router have you tried rebooting it?
It's strange, and something that I'm already investigating with Draytek. As you can see from the image, there are no less than 6 devices all showing the same MAC address.
It would *appear* to be all of the Android based devices that seem to be doing it – the Sony TV, the 2x Roku NowTV boxes, Android smartphones….
[attachment=76331,1333]
- You must be logged in to reply to this topic.