Routing traffic via VPN Tunnels
Overview
Micro Edge can route traffic over VPN tunnels based on a variety of conditions. For example, you can send traffic from a specific local network via a tunnel, or you can send traffic belonging to a category of applications via a tunnel. To route custom-defined traffic over VPN tunnels, you must configure a WAN Policy for the VPN interface and corresponding WAN Rules that define which types of traffic to send via the tunnel.
Configuring the VPN Tunnel
As a first step, ensure that you have a working VPN tunnel by confirming that the tunnel's state is connected and that the tunnel has a valid IP address. See Configuring WireGuard VPN tunnels or Adding OpenVPN tunnels for setup and configuration details.
Note: Your VPN interface must be configured as a WAN Interface.
VPN Failover in Micro Edge 6.0+
Each VPN built into Micro Edge has a "Bound WAN" option, specifying the WAN to be used as that VPN's default/preferred connection WAN. If that "Bound WAN" setting is set to "Any WAN", VPN failover is enabled.
When the bound WAN goes down, Micro Edge uses the "Best WAN" WAN Policy to determine which WAN to use to reconnect the tunnel. Once the bound WAN is available again, the VPN will switch back to that bound WAN.
Adding a WAN Policy
Before you can configure the specific types of traffic to send via the VPN tunnel, you must configure a WAN Policy for your VPN interface. Note: As of version 3.0, Micro Edge automatically creates a WAN Policy for VPN interfaces.
To configure a WAN Policy:
- Go to Settings > Network > WAN Policies.
- Click Add WAN Policy.
- Enter a description.
- For the Type, choose Specific WAN.
- Select your VPN interface in the WAN drop-down.
- Click Save to confirm the new policy.
Adding a WAN Rule
WAN Rules specify how to route traffic through your WAN interfaces via WAN policies. To configure the type of traffic you wish to send through a VPN tunnel, you must create at least one WAN Rule. To configure a WAN Rule for routing over a VPN tunnel:
- Go to Settings > Network > WAN Rules.
- Click Add Rule.
- Choose Conditions that match the traffic type you would like to send across the tunnel.
- For the Action, choose the WAN Policy you created in the previous step.
- Click Save to create the rule.
Example - Full tunnel routing
The following WAN Rule sends all traffic from the source interface zone LAN via the tunnel.
Example - Routing for an application category
The following WAN Rule sends all traffic from the client interface zone LAN that is categorized as Web Services via the tunnel.