Pass all traffic through VPN instead of VOIP VLAN



  • Hey there,
    i just wanted to improve my home-network. I have now three WIFI networks on my Ubiquiti:

    • General WIFI
    • Guest WIFI
    • VOIP WIFI (for my VOIP handphones i want it)

    The traffic from the general WIFI is completely passed by Cberghost VPN to the internet (on no VPN connection, traffic is blocked)
    The traffic from the Guest WIFI is completely passed by C
    berghost VPN to the internet (on no VPN connection, traffic is blocked)
    The traffic from VOIP WIFI should pass directly by the ISP Provider (for a better routing and quality)

    The general WIFI works as expected, i get a local IP (192.168.1.X) and all traffic is passed by Cberghost
    The guest WIFI works as expected, i get a local IP (192.168.5X) and all traffic is passed by C
    berghost
    The VOIP WIFI doesn't work as expected, i get a local IP (192.168.10.X) but all traffic is blocked

    So, i think following:
    The general setup of the WIFI is done, just a firewall rule is wrong / missing / blocking the traffic. Therefore i can't access by the VOIP WIFI directly the internet. But i am not able to find out, what I am doing wrong.

    EDIT: The Problem is the floating rule. It is blocking all traffic, that is not passing the VPN Interface. But how can i now setup a rule, which blocks all the traffic from the LAN, General WIFI, Guest WIFI but in the same way allows traffic from the VOIP WIFI?

    Do you have any suggestions which rule i need to set in which way, to get it working? I will attach here some screenshots of the current firewall rules.

    Best regards & thanks a lot
    Teddy

    WAN.JPG VOIP WIFI.JPG NAT.JPG LAN.JPG GuestWIFI.JPG Floating.JPG



  • Alright together,
    i think i got it working.

    I now used the floating rules with following configuration:

    1. All traffic, that should pass the WAN by my ISP (VOIP VLAN) got tagged with VOIP_PASS

    2. All traffic that should not pass the WAN and only pass tunneled by the VPN got tagged with NO_WAN_EGRESS

    3. One floating rule on the WAN Interface is block -> all traffic tagged with NO_WAN_EGRESS

    4. One floating rule on the WAN interface is pass -> all traffic tagged with VOIP_PASS

    So, at the moment it works in general like expected. Any improvement ideas for this are welcome, if anyone has a better solution!

    Best regards
    I hope it helps someone else with this idea


Log in to reply