11-16-2017 01:07 AM - edited 11-16-2017 05:21 AM
I just got an EdgeRouter (ER-X-SFP) and I wanted to configure ExpressVPN to have only one of my machines go through the VPN. I couldn't find a step-by-step guide on how to achieve this, but I found some useful tips on different websites, so I'll share what I did and maybe this will be helpful to others.
Note: I'm new to all of this so I hope this configuration is correct and secure.
1. Sign up for an ExpressVPN account on www.expressvpn.com and go to your account. Click on Set up ExpressVPN and then Manual Config to get your username and password and OpenVPN config file (my_expressvpn_usa_-_washington_dc_udp.ovpn for instance).
2. Modify the auth-user-pass line and add a new line in the ovpn config file:
auth-user-pass /config/auth/user-pass.txt
route-nopull
3. Create a file (i.e. user-pass.txt) with your username on the first line and password on the second line. Copy this file and the ovpn config file to /config/auth on your router using SCP.
4. Configure your router:
set interfaces openvpn vtun0 config-file /config/auth/my_expressvpn_usa_-_washington_dc_udp.ovpn
set interfaces openvpn vtun0 description 'ExpressVPN'
set firewall modify express_vpn_route rule 10 description 'ExpressVPN'
set firewall modify express_vpn_route rule 10 source address 192.168.1.41/32
set firewall modify express_vpn_route rule 10 modify table 1
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
set interfaces switch switch0 firewall in modify express_vpn_route
set service nat rule 5001 description 'ExpressVPN'
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface vtun0
set service nat rule 5001 type masquerade
Don't forget to commit and save. Basically with this configuration the device with IP 192.168.1.41 (and only this one) should go through the VPN.
That's it! This configuration seems to work for me as my Android TV (and only my Android TV) goes through the VPN.
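An added example, not part of the original post: a Python check for steps 2 and 3 that can be run on the edited .ovpn file and a local copy of the credentials file before they are copied to the router. The function name `audit_ovpn`, its `creds_path` parameter and the sample file contents are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def audit_ovpn(ovpn_path, creds_path=None):
    """Return findings for the edited .ovpn file; an empty list means none.

    creds_path (hypothetical parameter) points at a local copy of the
    credentials file when the path in auth-user-pass only exists on the router.
    """
    directives = {}
    with open(ovpn_path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#;<":  # blank, comment, inline <ca>-style tag
                continue
            name, *args = line.split()
            directives.setdefault(name, args)
    findings = []
    if "route-nopull" not in directives:
        findings.append("route-nopull missing: routes pushed by the server would be installed")
    auth = directives.get("auth-user-pass")
    if not auth:
        findings.append("auth-user-pass missing or without a file argument")
    target = creds_path or (auth[0] if auth else None)
    if target is None:
        return findings
    if not os.path.isfile(target):
        return findings + [f"credentials file not found: {target}"]
    mode = stat.S_IMODE(os.stat(target).st_mode)
    if mode & 0o077:
        findings.append(f"{target} is accessible to group/other (mode {mode:o}); use 600")
    with open(target, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    if len(lines) < 2 or not lines[0].strip() or not lines[1].strip():
        findings.append(f"{target} needs the username on line 1 and the password on line 2")
    return findings

if __name__ == "__main__":
    # Constructed sample files, not real credentials or a real provider config.
    tmp = tempfile.mkdtemp()
    creds = os.path.join(tmp, "user-pass.txt")
    with open(creds, "w") as fh:
        fh.write("constructed-user\nconstructed-pass\n")
    os.chmod(creds, 0o644)
    ovpn = os.path.join(tmp, "sample.ovpn")
    with open(ovpn, "w") as fh:
        fh.write("client\ndev tun\nauth-user-pass /config/auth/user-pass.txt\n")
    for finding in audit_ovpn(ovpn, creds_path=creds):
        print("FINDING:", finding)
```

The constructed sample omits route-nopull and leaves the credentials file at mode 644, so running the script prints one finding for each.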
11-16-2017 05:19 AM
There is a disable command and it is undone by deleting the disable rather than an enable command.