How can I set up a client to site VPN with selective routing

MIT Posts: 1
edited April 2021 in Security

We currently have an OpenVPN setup on our external network that allows our team to connect to the VPN and gain access to various cloud servers on our extended network. The VPN is set up to not forward all internet traffic but only traffic to selected routes within our infrastructure. This works really well but it is hosted on our external infrastructure.

We have a strong high-speed fibre connection at our HQ and we've been testing using a Zyxel USG40 as a VPN service as we have unused capacity on our connection. However - and this is where I reveal myself to being a little inexperienced - I'm struggling to find a way to limit the WAN traffic to only traffic to our cloud servers. It currently sends all traffic (LAN & WAN) through the VPN.

While it's good that the LAN traffic is correctly routed, we don't want all WAN traffic passing through our office if we can help it. Is this something possible with Zyxel devices or should I look at bringing our OpenVPN setup inside our office?


  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,056  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @MIT

    Welcome to Zyxel community

    Add policy route can achieve the purpose.

    Here is the example to add policy route

    Go to Configuration > Network > Routing > Policy Route > click Add

    Select the Incoming Interface, Destination Address to server and select next Hop to tunnel

    After add the destination to server, add the other rule for other traffic destination is not going to server.

Security Highlight