How to setup an Edgerouter as VPN Client

VPN clients are getting really popular in the last couple of years and for a good reason. They protect your privacy and allow you to use the internet without any restrictions (Think of watching Netflix series that are not available in your county yet).

Now the downside of VPN is that you will need a client on your device to connect to the VPN server, something that isn’t possible with your smart tv for example. With an Edgerouter though, you can setup the VPN for your whole network.

In this article, I will explain how you can set up the EdgeRouter as a VPN Client for the three largest VPN providers, NordVPN, Surfshark, and ExpressVPN.

To connect to the EdgeRouter over SSH we will use Putty and upload the configuration files to the router we are going to use WinSCP. But any other SSH and FTP client will also do fine for this article

NordVPN and Edgerouter

So lets first start with setting up NordVPN on the EdgeRouter. You will need your login credentials from NordVPN, Putty to connect to your EdgeRouter over SSH and WinSCP to upload a file to the router.

  1. Create a file on your computer and name it vpnauth.txt. Open the file and type in your NordVPN username and password. Each on their own line:

    username
    password
  2. Next, we need to download the NordVPN server configuration. NordVPN has a great tool to find the best server near your location, which you can find here: https://nordvpn.com/servers/tools/.
    In the recommended server block (left side) click on Show all protocols and download the OpenVPN UDP config.

    NordVPN Edgerouter
  3. Open the configuration file (right-click it, open with notepad), we need to make two changes in the file:

    – Change auth-user-pass to auth-user-pass /config/auth/vpnauth.txt
    – Add below the auth-user-pass line the following: route-nopull

    save the file
  4. Now we need to upload the file to our router. Open WinSCP and connect to your router: enter the IP address of the router (If you don’t know the Ip Address of your router you can check this article), and your username and password:

    winscp-edgerouter

    Click on Login, you will get a security warning and a warning from the EdgeRouter itself. Click ok for both warnings.
  5. On the right side in WinSCP, you will see the file on your EdgeRouter. By default, you will be in the folder /home/ubnt. Click on the root folder icon to navigate to the root of the EdgeRouter. You will now see a lot more folder, including config.

    winscp go to root folder

    Open the config folder – and create a new folder with the name auth. Set the permissions to 0777

    winscp create new folder auth
  6. Upload the username password file that we created in step 1 and the configuration file from step 4 to the new folder.
  7. Open Putty and connect to your EdgeRouter.

    SSH Putty Edgerouter

    Log in with the username ubnt and the password of your EdgeRouter.
  8. Enter the command below:
configure #enters configuration mode on your EdgeRouter. You can close it with exit

# We uploaded the files to /config/auth. 
# REPLACE us4313.nordvpn.com.udp.ovpn with the filename that you download!
set interfaces openvpn vtun0 config-file /config/auth/us4313.nordvpn.com.udp.ovpn
set interfaces openvpn vtun0 description 'OpenVPN VPN tunnel'
commit

set service nat rule 5000 description 'OpenVPN Clients'
set service nat rule 5000 log disable
set service nat rule 5000 outbound-interface vtun0
set service nat rule 5000 source address 192.168.1.0/24
set service nat rule 5000 type masquerade
commit

set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
set firewall modify SOURCE_ROUTE rule 10 description 'traffic from 192.168.1.0/24 to vtun0'
set firewall modify SOURCE_ROUTE rule 10 source address 192.168.1.0/24
set firewall modify SOURCE_ROUTE rule 10 modify table 1
set interfaces switch switch0 firewall in modify SOURCE_ROUTE
commit

save

The configuration is applied after you pressed save. To check if the VPN Client is working on the EdgeRouter you can enter the following command:

run show log

At the end of the log file, you will see Initialization Sequence Completed. This means that your EdgeRouter is successfully connected to the servers from NordVPN.

ExpressVPN Configuration for the EdgeRouter

The configuration for ExpressVPN is pretty much the same, only a few steps are different. Just like with NordVPN, we need to get an authentication file and configuration file to get started.

  1. Create an account on ExpressVPN.com and go to My Account on the menu. Click on Setup ExpressVPN and then choose Manual Config. Download the configuration file (my_expressvpn_county_city_udp.ovpn)
  2. Open the configuration file with notepad. Change the following:

    – Change auth-user-pass to auth-user-pass /config/auth/vpnauth.txt
    – Add below the auth-user-pass line the following: route-nopull

    Save the file
  3. Next, create a new file on your computer and name it vpnauth.txt. Open the file and type in your ExpressVPN username and password, you will find these the My Account section where you also downloaded the configuration file.

    Make sure that the username and password are each on their own line.
  4. We need to upload the files to the EdgeRouter and connect to the router with SSH. Follow steps 4 to 7 from the NordVPN part above here.
  5. After you have uploaded both files to your router we can enter the configuration:
configure #enters configuration mode on your EdgeRouter. You can close it with exit

# We uploaded the files to /config/auth. 
# REPLACE my_expressvpn_county_city_udp.ovpn with the filename that you download!
set interfaces openvpn vtun0 config-file /config/auth/my_expressvpn_county_city_udp.ovpn
set interfaces openvpn vtun0 description 'OpenVPN VPN tunnel'
commit

set service nat rule 5001 description 'OpenVPN Clients'
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface vtun0
set service nat rule 5001 source address 192.168.1.0/24
set service nat rule 5001 type masquerade
commit

set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
set firewall modify SOURCE_ROUTE rule 10 description 'traffic from 192.168.1.0/24 to vtun0'
set firewall modify SOURCE_ROUTE rule 10 source address 192.168.1.0/24
set firewall modify SOURCE_ROUTE rule 10 modify table 1
set interfaces switch switch0 firewall in modify SOURCE_ROUTE
commit

save

You should now have successfully connected your EdgeRouter to ExpressVPN, allowing every device in your network to use the services from ExpressVPN.

Surfshark OpenVPN configuration for EdgeRouter

Also with Surfshark, we can set up an OpenVPN connection from our EdgeRouter. Surfshark is one the cheapest VPN provider supporting unlimited devices, so if you haven’t picked a VPN yet, make sure you check this article!

Just like the other two, we need to get an authentication file and configuration file to get started.

  1. Create an account at Surfshark.com and click on Devices.
  2. Scroll down to Advanced and select Manual. At the bottom of the page, you will find your service credentials. We will need this later.
  3. Pick a location and download the UDP configuration file
  4. Open the configuration file with notepad. Change the following:
    – Change auth-user-pass to auth-user-pass /config/auth/vpnauth.txt
    – Add below the auth-user-pass line the following: route-nopull
    Save the file
  5. Next, create a new file on your computer and name it vpnauth.txt. Open the file and type in the username and password from the service credentials (see step 2).
  6. Make sure that the username and password are each on their own line.
  7. We need to upload the files to the EdgeRouter and connect to the router with SSH. Follow steps 4 to 7 from the NordVPN part above here.
  8. After you have uploaded both files to your router we can enter the configuration:
configure #enters configuration mode on your EdgeRouter. You can close it with exit

# We uploaded the files to /config/auth. 
# REPLACE us-mia.prod.surfshark.comsurfshark_openvpn_udp.ovpn with the filename that you download!

set interfaces openvpn vtun0 config-file /config/auth/us-mia.prod.surfshark.comsurfshark_openvpn_udp.ovpn
set interfaces openvpn vtun0 description 'OpenVPN VPN tunnel'
commit

set service nat rule 5001 description 'OpenVPN Clients'
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface vtun0
set service nat rule 5001 source address 192.168.1.0/24
set service nat rule 5001 type masquerade
commit

set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
set firewall modify SOURCE_ROUTE rule 10 description 'traffic from 192.168.1.0/24 to vtun0'
set firewall modify SOURCE_ROUTE rule 10 source address 192.168.1.0/24
set firewall modify SOURCE_ROUTE rule 10 modify table 1
set interfaces switch switch0 firewall in modify SOURCE_ROUTE
commit

save

You should now have successfully connected your EdgeRouter to Surfshark, allowing every device in your network to use the services from Surfshark.

Conclusion

The configuration above should work in principle for every VPN provider, you only need an OpenVPN configuration file from your provider to get started. I hope this article helped you with setting up the EdgeRouter as a VPN client.

VPN’s are getting really more common these days, whats is your VPN and why did you start using it? Let me know in the comments below!

Get more stuff like this

IT, Office365, Smart Home, PowerShell and Blogging Tips

I hate spam to, so you can unsubscribe at any time.

76 thoughts on “How to setup an Edgerouter as VPN Client”

  1. Can someone share what speeds they are getting with a Edgerouter 4? I have an ER-X and based on it’s CPU you will only get around 15Mbps especially if the auth is using SHA512 which is what nordvpn is using. aes-256-cbc and sha512. I really would like to know what is the openvpn speed from an ER-4 using nord or any other vpn provider.

  2. im getting an array of errors on edgeOS (ubiquiti usg), mainly during setup:

    “[ service nat rule 5000 outbound-interface vtun0 ]
    NAT configuration warning: interface vtun0 does not exist on this system:

    then on the logs:
    USG openvpn[12203]: TLS: Initial packet from [AF_INET]*.*.*.*:1194,
    Aug 16 19:53:55 USG openvpn[12203]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Aug 16 19:53:55 USG openvpn[12203]: TLS Error: TLS handshake failed
    Aug 16 19:53:55 USG openvpn[12203]: SIGUSR1[soft,tls-error] received, process restarting

    also cant see how to hardcode a rule that allows -p 1194 udp to be open on the router??

    any ideas welcome.

  3. Aloha Ruud,
    I got it to work and use the expressvpn on my edgerouter. how do I turn it off and not use the vpn?
    Mahalo,
    Louis

  4. Question: do you start this process from a “reset” EdgeRouter or from one that has been LAN/WAN configured (wizard)? Thanks.

  5. Hi Ruud,
    thanks for sharing this.
    I have one question though.
    This is about all the NAT rules etc one needs to setup. Isn’t it just much simpler to add a masquerade for tun0 for all traffic (before the masquerade for WAN) and you are done?
    Just trying to understand why one needs to setup all these rules.
    thanks,
    Raoul

    • Hi Ruud,
      please disregard my comment on masquerade, figured that one out.

      I do however have another problem:
      First I have a EdgeMAX4, so without switch.
      Further I have VLANs and I want to have a ip range on a vla go through the vpn.
      So this is what I have (rest is the same)

      set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
      set firewall modify SOURCE_ROUTE rule 10 description ‘traffic from 192.168.11.7x to vtun0’
      set firewall modify SOURCE_ROUTE rule 10 source address 192.168.11.70-192.168.11.79
      set firewall modify SOURCE_ROUTE rule 10 modify table 1
      set interfaces ethernet eth2 vif 11 firewall in modify SOURCE_ROUTE
      commit

      the traffic from these IP addresses does go out over vtun0, but on the webpage of the ER4 the Rx count on vtun0 remains 0, so apparently nothing is coming back.
      I do use the same OpenVPN server with multiple computers (MAC, IoS and Windows) without problem. What am I doing wrong?

  6. I tried doing this on my EdgeRouter Lite 3 running v2.0.9-hotfix.1 and in response to the “set interfaces openvpn vtun0 config-file /config/auth/us8540.nordvpn.com.udp.ovpn” command I get “Invalid command.” Is this not supported on the Lite?

  7. Hi Rudy,

    OpenVpn on the edgerouter is crushing my internet speed. Using the ExressVPN app on the laptop I can get 300mbps in both directions from France to UK whereas I am lucky to get 8mbps through the edgerouter. Short of finding a faster endpoint is there another way of improving speed by using lightway protocol for instance or a less secure protocol – I am only using to access TV so full on security is not required. Thanks

  8. I failed to pull a backup of my edgerouter. My throughput dropped from 400 to 16. Are there any instructions on how to back out all the changes that you posted for the Surfshark section?

  9. Hi Ruud

    Awesome guide thank you.

    I can now connect to the ExpressVPN service great. However I am getting DNS leaks. Is there any advice you can give to troubleshoot this? Unfortunately ExpressVPN don’t provide a dedicated dns server address so I can’t just force it via dhcp. How do I force dns queries down the tunnel ?

    Thanks in advance

    • You will need to create a static router for the DNS:

      set protocols static interface-route 1.1.1.1/32 next-hop-interface vtun0
      set protocols static interface-route 1.1.0.0/32 next-hop-interface vtun0

  10. I almost got this working. It says EdgeRouter is successfully connected but then the ver next log line is:
    write UDP: Operation not permitted (code=1)

    there’s no traffic passing. I factory reset the router and tried again before posting.

    Any ideas? thanks

  11. Hello Ruud

    Hope you can help me with this:
    I followed you manual with EdgerouterX-Nordvpn and everything was fine, however since I´m load balancing between 2 carriers I´m strugling with stability, some sites respond ok, others not; looks that it will work fine only having 1 single interface with only one carrier.
    While load balancing I tried to change AD from DHCP to have only one default route, and have the VPN use that path with no success.
    I also tried to create an alternate load balancing group from a specific subnet to take one of the 2 ISPs, and also in the VPN to filter traffic for that specific subnet, I mean, trying to force traffic into a specific interface… no luck as well.
    I tried to have one WAN interface active, and the other as failover only, forcing the traffic to use only one interface but network connecivity is intermittent while surfing the web.

    Looks like it will work only if I have a single WAN interface active… Do you know a method to force all traffic to a single interface so that the VTUN interface can route all the traffic into that path? Thanks in advance

        • Hello, Ruud, William,

          Excellent guide, Ruud, and thank you for your effort. I think the DNS Servers here would be 1.1.1.1 and 1.0.0.1. If, however, Cloudflare DNS also runs a server at 1.1.0.0, that is good to know. The first (1.1.1.1) probably responds all the time anyway, so the second (1.1.0.0) isn’t being queried at all. Cloudflare DNS might never need a 2nd or backup server (1.0.0.1), but good to have the 2nd DNS server just in case.

          Keep up the good work. I’ll try to send coffee via Patreon!

  12. Great article – almost exactly what I am looking for. This might be useful to many people: If possible, can you please add how to route just a range of IP addresses through ExpressVPN, instead of everything? The idea being to be able to “re-geolocate” a SmartTV, Roku, etc. for geolock situations. THANKS!

  13. Hi, Rudy. Thanks for the tutorial. I was reading a prior comment where a guy was asking how to access local computers while conected to the VPN VLAN. Your answer was that he had to segregate the networks in his ER-4 router. I have a ER-6P could you point the directions to make it work? Thanks in advance!

  14. Hello Rudy, Have any of your network tried this with SurfShark? I’m keen not to lose 90% perf by implementing it as some users have experienced.

    Do you know if you have any positive feedback after implementation with SurfShark?

    BTW I followed you EdgeRouter install and it really improved my buffering/performance.

  15. Hello,
    Thank you for this guide. With your tutorial I successfully installed ExpressVPN on my Edgerouter x. I configured for the VPN server in A’dam. So, that is for only one VPN server.
    What is the easiest way to be able to connect to other VPN servers, just as in the ExpressVPN app?
    Thanks

    • There isn’t really an easy way, you will need a new configuration file. Or at least change your current configuration file with the server details of the other VPN location.

  16. Hi Rudy,

    Since the article was great but the download speed degradation was bothering me I purchased an EdgeRouter 4 with more CPU power.
    Most of the configuration listed works, but I’m getting 2 errors / warnings that prevent me from setting up properly, can you help me figure out what to do / change?

    First warning happens after the second commit command:

    [email protected]# commit
    [ service nat rule 5000 outbound-interface vtun0 ]
    NAT configuration warning: interface vtun0 does not exist on this system

    The second happens here:
    [email protected]# set interfaces switch switch0 firewall in modify SOURCE_ROUTE
    interface switch switch0: does not exist
    Value validation failed
    Set failed

    Thanks in advance!

    • on the line “set interfaces switch switch0 firewall in modify SOURCE_ROUTE”, change switch0 to say eth1 or whatever port you are using for your internal network. Remember the ports start with eth0 (which I use for my WAN), and then eth1 & 2 for my internal network.)

      Hope this helps!

  17. Hi Rudy,

    Thanks again, great article. I managed to get the OpenVPN working instantly using a different VPN provider though. However… the performance drop is too much to cope with, in my experience the download speed dropped by 80%.
    Using the same VPN server and their app which uses IKEv2 protocol my download speed only dropped like 10%.

    Would it be possible for you to describe how to configure VPN using the IKEv2 protocol on the router (if at all possible)? If so I’d be willing to compensate you as I bet many others would as well 😉

  18. Hello,
    can you give me an example how the format look to and username and password looks?

    Step 3 Next, create a new file on your computer and name it vpnauth.txt. Open the file and type in your ExpressVPN username and Next, create a new file on your computer and name it vpnauth.txt. Open the file and type in your ExpressVPN username and password, you will find these the My Account section where you also downloaded the configuration file.

    Make sure that the username and password are each on their own line., you will find these the My Account section where you also downloaded the configuration file.

    Make sure that the username and password are each on their own line.

    Thank you!

    • You can also do it the same way as in the ExpressVPN section: “ExpressVPN Configuration for the EdgeRouter”. Where I use a vpnauth.txt file for the username and password.

  19. I have the same drop on bps when using the edgerouter as VPN client. From 200 to 30 Mbps. that is a lot. If I use the app/software delivered with the vpn provider I go from 200 to 180Mbps using the same VPN IP ofcourse.
    I notice in the log that when negotiation the cypher encryption the edgerouter want to use the cipher AES-256-CBC and the remote server the other one GBR i think it was. So i changed the last part CBC to GBR but that was also not working at all.
    So I will stick to the software from the VPN provider.

  20. Hi, I was so happy to find this post. However I get an error after the first commit OpenVPN configuration error: Failed to start OpenVPN tunnel. Not sure where to go from here. Any help would be appreciated. I am using ExpressVPN and Edgerouter Lite.

  21. Hi, I’ve set up a VPN with ProtonVPN which works fine, at multiple servers, but saw a drop in bandwith to 20 Mbps in two cases (both without VPN 100 Mbps and 50 Mbps: other connection). I used IKEv2, UDP protocol, had max 40% load of server, unlimited bandwidth.
    With a VPN client installed on a desktop in the same network, without the vpn on the edgerouter of course, I reached 90Mbps, the bottleneck has to be the Edgerouter. Any thoughts on this?

    • Yeah, the problem is the CPU of the Edgerouter X. OpenVPN is completely software driven, so the speed of the CPU really determines the speed you can get over OpenVPN. The ER-4 is better suited in this case.

  22. Hello Ruud.

    Thank you so much for sharing this great how-to guide – I followed it and everything worked right away!

    I see the firewall rule is set to be valid for the whole 192.168.1.0 network.

    Now I am wondering if it is possible to somehow make the firewall rule valid for only source UDP video protocol ? Or for destination sites like YouTube or Twitch ?

    In other words, I want to route outbound UDP video through vtun0 and all other traffic through eth0 (WAN).

    Is this possible ?

    Thanks in advance!

  23. Hi Ruud,

    I used your guide to install Expressvpn on my Edgerouter X and it worked fine. Unfortunately, my download speeds dropped from 275 mpbs to 17 mpbs. If i disable the VPN, my download speeds return to 275 mpbs. I am not sure why. Any help would be appreciated.

  24. Thanks Ruud, this helped a lot.

    Is there a way to access my devices behind my Edgerouter when the tunnel is on?
    For example, camera feeds, NAS, or Windows server.
    I have a DDNS setup with DYNDNS.

    Or am I going to have to utilize separate ports on my ER4 and not use VLANs?

    • You will need a separate port indeed. If you route all your traffic up the VPN connection, then the only way to enter your network is through to the opposite side of the VPN, but that ain’t going work. So indeed, split your network is the best way to go here.

  25. Is there a way to route the traffic from 2 specific devices OUTSIDE of the expressVPN and instead go via the usual WAN?

    Or better yet, a way to route traffic outside of the VPN based on the destination DOMAIN NAME (Not the IP).

  26. Hey – I wanted to say THANK YOU for taking the time to write and share this. I’ve been fighting to figure out how to setup express vpn on my new edgemax for days.

    I’m left with 2 questions now that it is working.

    1) How might I TEMPORARILY disabled the VPN when needed? As at present, disney+ will not work if connected to a VPN.

    2) How might I use a dynamic IP service or similar to somehow get my PLEX server available to the outside world again?

    I TOTALLY understand if you don’t have an answer or indeed the time to reply. I feel cheeky enough even asking.

    Whatever the case, thank you so very much again for sharing your knowledge and time with the rest of us as we all try to get better.

      • Great article Rudy, thanks! I’m going to try this tonight but I was curious as to how to restore the configuration changes made.. in case I mess up.

        The disable comment above helps a bit, but any thoughts on how to rollback all configuration changes made during the setup? Or; what should I backup and restore?

        • Hi Koen,

          For a full rollback for the settings, I would indeed recommend to make a backup and restore it. That is probably the easiest way, besides disabling the VPN connecting.

  27. hi Ruud, thanks for your article. I refer to “How to setup an Edgerouter as VPN Client”. I have a MikroTik Desktop Gigabit Router-RB2011iL-IN and Nord VPN, as mentioned in the first part of your article. My router is different from the Edgerouter in the above article.
    Question: how would the configuration be different for my router?

    Thank you very much,
    Joop Vis – South Africa

  28. I have spent all afternoon to get this working. Edgerouter accepts all commands, but DL speed falls down from 205Mb/s to 5.5. Tried 4 different servers from UK and from NL, all same results… Only way to get it right again is a hard factory reset of the ERX.
    There are ways to delete VPN setting in Putty (Or ERX’s CLI), but the response is always: “Nothing to delete (the specified node does not exist)”

  29. Hello Ruud,
    At the advice of NordVPN techies I switched to the NordLynx protocol, which is indeed much faster.Will the above also work for this protocol?
    Also, if you have time, could you write how to program Edgerouter X so one can safely access the LAN from the outside world?
    Many thanks Ruud!

  30. Hi, thanks for the guide, in my EdgeRouter 10x I had to include this line for it to work:

    set firewall modify SOURCE_ROUTE rule 10 action modify

  31. Hi I followed your guide step by step, my issue is i want to restrict vtun0 to my vlan user for tath i have switch0.2 with address 192.168.3.0/24, i have done the same steps that u mentioned but in source address i putted my vlan address. when i enable openvpn i dont get internet on my primary lan also. can u help me in setting up. Thanks in advance

    my Wan is pppoe
    My Lan eth1 is 192.168.1.0/24
    My Lan eth2 is 192.168.2.0/24
    Then i have Vlan on Switch 0 vif 2 : 192.168.3.0/24

    I want all vlan 2 traffic to pass through Open Vpn tunnel and all other through PPPoE .

  32. Hi Ruud,
    I followed the instruction to install NordVPN on my Edgerouter X. All went well, NordVPN server NL473 was advised so I used these settings. After running the script, I checked and it turned out the server was in Rumania, and my DL speed went down from 310 Mbps to 15.9…. auch… Luckily I had a backup file to undo the script, but I am still wondering why this happened, and if there is a way to be sure that the server is indeed the one that one seeks?
    Thanks for all your great articles!

  33. Hi Ruud,
    I followed the instruction to install NordVPN on my Edgerouter X. All went well, NordVPN server NL473 was advised so I used these settings. After running the script, I checked and it turned out the server was in Rumania, and my DL speed went down from 310 Mbps to 15.9…. auch… Luckily I had a backup file to undo the script, but I am still wondering why this happened, and if there is a way to be sure that the server is indeed the one that one seeks?
    Thanks for all your great articles.

    • Hi Arie,

      That the download speed drops is normal, but that shouldn’t be more than 30%. You can also pick a server your self, try one in the UK to see if you get a better result.

  34. set interfaces switch switch0 firewall in modify SOURCE_ROUTE

    give me an error

    Value validation failed
    Set failed
    [edit]
    [email protected]# set interfaces switch switch0 firewall in modify SOURCE_ROUTE
    interface switch switch0: does not exist

    • Change switch to ethernet, and switch0 to ethX (eth0 or eth1 or eth2, or whatever physical ethernet port goes to your LAN for the VPN).

      Switch is a virtual group of ethernet connections (I think). If you are not using switches, or if you want to use the VPN on all connections to a physical ethernet port:

      switch (virtual) = ethernet (physical port)
      switch1 (name of switch) = eth1 (name of physical port on router)

      The names can vary; eth0, eth1, eth2 can all be included in one virtual switch. But that gets complicated so I just use the physical ethernet port.

  35. Hi,

    I was wondering if you have step to step guide on how to configure step by step Cisco Sg350-10p for a home network. several home computers including laptops, home lighting – Philip Hue, Sonos, printers, smart Tvs, streaming boxes, game console. Currently have modem router combo from Verizon cable company, etc. Thank you in advance.

    • It should be possible, but I can’t test it right now. I think the main part is pretty much the same, but it seems you will need to add this masquerade:

      set service nat rule 5004 description "masq to vpn vtun0"
      set service nat rule 5004 destination address 0.0.0.0/0
      set service nat rule 5004 outbound-interface vtun0
      set service nat rule 5004 type masquerade

Leave a Comment

0 Shares
Tweet
Pin
Share
Share