Unifi USG Route VLAN over OpenVPN Client

Astrill VPN: https://www.astrill.com/a/zxysdxy3giwx

Step by Step guide to creating a separate VLAN and routing internet traffic over a VPN connection.

Based on this guide with a few updates: https://community.ubnt.com/t5/UniFi-Routing-Switching/USG-Route-VLAN-over-OpenVPN-client/m-p/2146180/highlight/true#M66804

Quick Note: if using a USG3p and not a USG Pro change the eth0 to eth1, also be sure the goto the USG config and ports tab and assign the 3rd port to WAN2 that you created in the Networks page.

config.gateway.json

{
“firewall”: {
“modify”: {
“SOURCE_ROUTE”: {
“rule”: {
“10”: {
“action”: “modify”,
“description”: “route vlan 50 to Astrill Dallas-2”,
“modify”: {
“table”: “5”
},
“source”: {
“address”: “192.168.50.0/26”
}
}
}
}
}
},
“interfaces”: {
“ethernet”: {
“eth0”: {
“vif”: {
“50”: {
“firewall”: {
“in”: {
“modify”: “SOURCE_ROUTE”,
“name”: “LAN_IN”
}
}
}
}
}
},
“openvpn”: {
“vtun0”: {
“config-file”: “/config/openvpn/Dallas-2.ovpn”
}
}
},
“protocols”: {
“static”: {
“table”: {
“5”: {
“interface-route”: {
“0.0.0.0/0”: {
“next-hop-interface”: {
“vtun0”: “””
}
}
}
}
}
}
},
“service”: {
“nat”: {
“rule”: {
“5004”: {
“description”: “masq to vpn vtun0”,
“destination”: {
“address”: “0.0.0.0/0”
},
“outbound-interface”: “vtun0”,
“type”: “masquerade”
}
}
}
}
} .