I have configured a VPN client using open VPN. The client works: there is a virtual interface and I get an IP address.
But now there are basically 2 things I would like to have.
1 - Create a VLAN which uses this VPN tunnel for all internet access.
2 - On another (existing VLAN) direct certain IP addresses from an ASN to this VPN tunnel.
Are both possible ? In case of the second option, which would be the approach ?
e.g. The VPN has an IP address in the 10.x range. Would I block 'regular' internet for those IP addresses, so it uses the VPN as an alternative, or should I do something with DNS ?
1. Is possible
Create the openvpn setup - connect and valide it works. Then associate a virtual interface to your ovpn instance (ovpn1 in my case), enable it but don't add any ip or rules on it. Then create an nat outbound rule on that interface to any.
I suppose your vlan network has a few ip's assigned and everything works. If so, create a new gateway for the recently created openvpn connection and go to fw rules - vlan interface :
Add a pass rule for that interface, source you entire lan, destination any and gateway (the ovpn gateway)
This should do it.
Use the same gateway for the ips on your different vlan