• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1268
  • Last Modified:

Linksys RV042 at home office / split tunnel

I'm looking at installing a Linksys RV042 router at my house and then setup a VPN tunnel to my office which has a Watchguard XTM 23 firewall/vpn.  I'm doing this mainly because I need to install an IP phone at the house which connects to the office pbx - i know there are softphones that can do this but I want to use an IP phone.

I also need the home office network setup in such a way so that only the IP phone and a dedicated workstation has access to the VPN tunnel and other family computers at the house should not have access to the VPN tunnel.

What is the best way to accomplish this?  Can I restrict access to the VPN tunnel based on MAC addresses with the RV042?

I have managed to setup the RV042 so that the tunnel comes up but i'm not sure how to restrict access to the tunnel.
  • 3
1 Solution
John HurstBusiness Consultant (Owner)Commented:
In the RV042, in the VPN setup, under Local Group Setup for the specific tunnel, you can set the local IP to be just the single IP of the machine you want. People can spoof IP's and MAC address, so the security is about the same. Since it is in your home, it should work.  See the example below. ... Thinkpads_User

MedrxAuthor Commented:
So do I then have to setup another Subnet on the RV042 that will be used for local 'family' pcs which will not be allowed access to the vpn tunnel?  
How do i setup DHCP on the router to assign the correct ips for the appropriate pcs - for example I would like to have my work PC get an IP in the range of 192.168.190.x  and family PCs get 192.168.2.x
Do I have to add rules to the RV042 firewall so that the 192.168.2.x network can't access the vpn tunnel OR that is already implied since its a different network?
John HurstBusiness Consultant (Owner)Commented:
You can look at rules in the RV042. You can also bridge a wireless router to the RV042 because wireless routers often have MAC address control.

The IP for the device is set in the Local Security Group Type above. Use IP instead of Subnet and pick the IP you will allow. If the IP were a wireless router, then you have that flexibility as well.

So to your question above, if you allow only IP 192.1568.1.13, then only that device and none others will have acces to the tunnel. Set the RV042 to hand out addresses from 100-200 and set the one device to be static. .... Thinkpads_User
John HurstBusiness Consultant (Owner)Commented:
Thank you. I was pleased to assist you. ... Thinkpads_User
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now