Pass all traffic through VPN instead of VOIP VLAN
Teddy last edited by Teddy
i just wanted to improve my home-network. I have now three WIFI networks on my Ubiquiti:
- General WIFI
- Guest WIFI
- VOIP WIFI (for my VOIP handphones i want it)
The traffic from the general WIFI is completely passed by Cberghost VPN to the internet (on no VPN connection, traffic is blocked)
The traffic from the Guest WIFI is completely passed by Cberghost VPN to the internet (on no VPN connection, traffic is blocked)
The traffic from VOIP WIFI should pass directly by the ISP Provider (for a better routing and quality)
The general WIFI works as expected, i get a local IP (192.168.1.X) and all traffic is passed by Cberghost
The guest WIFI works as expected, i get a local IP (192.168.5X) and all traffic is passed by Cberghost
The VOIP WIFI doesn't work as expected, i get a local IP (192.168.10.X) but all traffic is blocked
So, i think following:
The general setup of the WIFI is done, just a firewall rule is wrong / missing / blocking the traffic. Therefore i can't access by the VOIP WIFI directly the internet. But i am not able to find out, what I am doing wrong.
EDIT: The Problem is the floating rule. It is blocking all traffic, that is not passing the VPN Interface. But how can i now setup a rule, which blocks all the traffic from the LAN, General WIFI, Guest WIFI but in the same way allows traffic from the VOIP WIFI?
Do you have any suggestions which rule i need to set in which way, to get it working? I will attach here some screenshots of the current firewall rules.
Best regards & thanks a lot
Teddy last edited by
i think i got it working.
I now used the floating rules with following configuration:
All traffic, that should pass the WAN by my ISP (VOIP VLAN) got tagged with VOIP_PASS
All traffic that should not pass the WAN and only pass tunneled by the VPN got tagged with NO_WAN_EGRESS
One floating rule on the WAN Interface is block -> all traffic tagged with NO_WAN_EGRESS
One floating rule on the WAN interface is pass -> all traffic tagged with VOIP_PASS
So, at the moment it works in general like expected. Any improvement ideas for this are welcome, if anyone has a better solution!
I hope it helps someone else with this idea