Policy-based routing?

Hi,

A friend asked me if any of Synology’s routers support policy-based routing. I didn’t know (never used Synology routers) and we tried to quickly look for that info to no avail. An example of what he wants to do is to route certain domains (from single or multiple clients on the LAN or connected to the router over the router’s VPN server) over a VPN connection established by the router (to a VPN provider like Proton, Mullvad or a VPN server). Another is to route traffic to certain countries to go over another VPN connection.

How many VPN connections can the router support (as in client mode to VPN providers or servers)?

If this is supported, how easy is it to implement? Is it on the SRM interface or must he use the CLI?


Thank you for any information.
 
If this is supported, how easy is it to implement? Is it on the SRM interface or must he use the CLI?
1674718134665.png
 
As far as I’m aware this routing adds source IP to the usual destination IP-only. But it doesn’t include packet inspection to determine the payload’s type or destination FQDN.

You can do FQDN-like routing for fairly static destination IPs, but this will have to be manual. If you can establish the set of IPs, or subnets, being used then it’s fairly simple. But then I guess you already know this.

You could run a forward proxy server on the LAN with PAC file that specifies the destinations that use the proxy and default everything else to go direct. Then route the proxy as source IP via the alternate WAN path.
 
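One way to write the PAC file suggested in the reply above, as an added example that is not part of the original thread. The proxy address `192.168.1.50:3128` and the domain list are constructed placeholders; the proxy host's source IP would then be sent over the VPN by the router's policy route.

```javascript
// Added example PAC file. Proxy address and domain list are constructed
// placeholders, not values from the thread.
var VPN_PROXY = "PROXY 192.168.1.50:3128";            // assumed LAN forward proxy
var VPN_DOMAINS = ["example.org", "vpn-only.example"]; // assumed destinations

// True when host equals domain or is a subdomain of it. Matching on the
// leading dot stops "notexample.org" from matching "example.org".
function hostInDomain(host, domain) {
  var suffix = "." + domain;
  return host === domain || host.slice(-suffix.length) === suffix;
}

// True for dotted-quad literals in the RFC 1918 or loopback ranges.
function isPrivateLiteral(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  // Normalise case and a trailing root dot before matching.
  host = host.toLowerCase().replace(/\.$/, "");
  // Dotless hosts and private IPv4 literals (router, NAS) stay off the proxy.
  if (host.indexOf(".") === -1 || isPrivateLiteral(host)) return "DIRECT";
  for (var i = 0; i < VPN_DOMAINS.length; i++) {
    if (hostInDomain(host, VPN_DOMAINS[i])) {
      // No "; DIRECT" fallback: if the proxy is down these requests fail
      // instead of leaving over the normal WAN path.
      return VPN_PROXY;
    }
  }
  return "DIRECT";
}
```

The PAC decision is made per client from the hostname alone, so it only covers applications that honour the system or browser proxy settings.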
Perfect! Thanks for this thread - I was actually looking for this for quite a while:
Now I have my own secondary WLAN, routing all traffic via my VPN. No need for the client to set up VPN. 🥳

  1. I set up a new WLAN (SSID '… VPN') using its own subnet (WiFi Connect)
  2. I set up a VPN in Network-Center > Internet > Connections > VPN
  3. I set up Static Routes in Network-Center > Internet > Smart Wan > Policy Route to route traffic from that sub-net thru the VPN.
The only tricky part was, not to route the Gateway IP (192.168.x.1) thru VPN.

Now I just have to connect to the WLAN "… VPN" on any device to route thru my VPN connection.

Finally, I am able to use my AppleTV and other clients using my "location flexible" VPN 😁

Thanks!
 