VPN VLAN (unifi + PIA)


I’m wanting to setup a VLAN on my network (unifi USG, switches and WAP) in order to route traffic from a certain IP through a VPN (current provider is PIA).

At the moment I have OpenVPN software running on the machine but it keeps dropping out and the ‘kill switch’ feature doesn’t seem to work, so I thought that doing it on the router would be a better solution.

My question is would this work and would the machine still be accessible on the local network (remote desktop, programs running such as plex)?

Because you are proposing do the traffic routing on the router the local IP address of that machine will still be a accessible as long as you don’t create any rules to block it.

As Tom already mentioned, this will work.

However, keep in mind that you are moving the task of encrypting and decrypting the VPN Traffic to your firewall. So depending on the amount of traffic your VPNed box is pushing and your firewall hardware, you might want to keep an eye on your firewalls load (averages).

You mentioned that you are using PIA so could always use their own software with it’s “kill switch”. Also, if you are using this box for torrenting, you could look into using PIAs SOCKS5 Proxy instead of the VPN.

1 Like

On my network I have a VLAN set up for PIA. It only has the VPN tunnel as a gateway. So if the tunnel goes down for whatever reason, no traffic on that subnet gets out to the internet as they only gateway they know is down.

I did have that set up on a VM behind a USG for a while, but the PIA connection is much more reliable now that I replaced the USG with a pfsense box and run everything on it.

1 Like