RUTX50 wireguard VPN, but only to affect specific local IP addresses?

dimitris156 · April 15, 2025, 11:19am

Greetings, i own a rutx50, and i have setup wireguard with mullvad, and i was wondering if i can make the router VPN to affect only a specific local ip address, the one that my TV has. so the rest of the network is not under a VPN tunnel.

Kind regards,

Martynas · April 16, 2025, 7:27am

Hello @dimitris156,

Thank you for reaching out.

Could you kindly clarify your required setup a bit further? From your description, if I understood correctly, you’d like to route all the traffic from your TV (a specific local IP address) through the WireGuard VPN tunnel you’ve set up while keeping the rest of your network traffic outside the VPN. Please correct me if I’m wrong.

Thank you!

Kind regards,

dimitris156 · April 16, 2025, 8:20am

Hi there Martynas, yes that’s exactly what I want to do.

Martynas · April 16, 2025, 9:10am

Thank you for confirming.

In this case, yes, the setup you described is achievable and involves a combination of wireguard client configuration adjustments and policy based routing rules. To configure this, please follow these guidelines:

1. Create a Policy-Based Routing Table

Go to Network → Routing → Policy Based Routing
In the “Add new instance” section:
- Choose a Table ID (e.g., 400)
- Enter a Name (e.g., wgtv)
- Click Add

2. Add Static Route to the Table

Inside the routing table configuration:
- Add a static IPv4 route
- Set Interface to your wireguard client
- Use the VPN server’s IP as the IPv4 Gateway
- Click Save & Apply
- Screenshot from my setup for reference:
  
  image1184×457 20 KB

3. Create a Policy Rule for the TV

On the same Policy Based Routing page:
- Click Add under “Routing Rules for IPv4”
- Set:
  - Incoming Interface: lan
  - Source Address: Your TV’s local IP with /32 (e.g., 192.168.1.120/32)
  - Lookup Table: The one created earlier (e.g., 400)
    
    image799×578 17.1 KB
- Click Save & Apply

4. Adjust WireGuard Client Peer Settings

Navigate to Services → VPN → WireGuard
Click Edit on your client configuration
Scroll down and press Edit on peer’s configuration:
- In Allowed IPs, enter 0.0.0.0/0
- Go to Advanced Settings
  - In Routing Table, enter the same Table ID (e.g., 400)
  - Make sure “Route Allowed IPs” is unchecked/disabled
    
    image788×385 20.2 KB
    
    image807×398 15.5 KB
- Click Save & Apply

After completing the configuration, this setup should ensure that all traffic from your TV goes through the wg VPN tunnel.

Note: If the setup doesn’t work, enable Route allowed IPs option.

Let me know if this helps or if you need assistance.

Best regards.

dimitris156 · April 17, 2025, 12:35pm

thank you for your reply Martynas, it worked. i just noticed 2 things i would like to mention, on the tv i used the website ipleak.net to check the info, IPV6 was “unreachable” or not valid,

and the DNS was not the VPNs DNS but instead my custom adguard ones i have set on the WAN table.

i dont think it matter since the IPV4 is the VPNs IP but i would like to have them tidy up if possible, and you have the time to explain it to me.

and part B, to spice things up, would it be possible this “routing” TV>VPN>internet to happen only when the TV tries to connect to a specific IP address/host (my IPTV provider), so VPN will only work when it connects to that IP, but the rest of the TV stays out of the VPN tunnel?

TV>internet
and when i use iptv which connects to a specific host/ip then
tv>vpn>iptv host.

Kind regards and thank you for your time!

dimitris156 · May 4, 2025, 9:46pm

hey @Martynas any chance i could do this? the previous post i made.

flebourse · May 5, 2025, 12:54pm

Yes, replace the 0.0.0.0/0 value in the Allowed IPs list by the address of your IPTV provider.