0

I have a media server, and it has both an Ethernet and Wifi connection on it.

I would like to use the Ethernet to ONLY connect to the VPN - no LAN traffic, other than through the gateway of course. If the VPN fails for whatever reason, I don't want any connection out to the WAN. Currently the VPN I use has a "killswitch" which is supposed to stop traffic, but it doesn't work if the program crashes. This leaves the server "open" to the outside and using the main WAN line which I don't want. So that is part one, restricting Ethernet to VPN traffic only.

Part two is how to restrict the LAN traffic to Wifi. This is because since it's a "server" I connect to it via RDP if I need to interface with it. If all Ethernet traffic is dedicated to the VPN then I can't connect to it locally. Since it has Wifi already I want to set it up so that the LAN can connect to the server, but I want to ensure the server does not use the Wifi to connect to the WAN in any way.

Hope this makes sense, and I'm open to hear any suggestions. Thanks

2
  • What operating system are you using? Commented Oct 13, 2021 at 3:55
  • 1
    This seems to me to be an XY problem. There are easyish ways to ensure all Internet traffic from the media server goes via the VPN while not messing around with a frankenhack routing setup. The specifics depend a bit on your media server OS, the VPN protocol and your router, but in generic terms, assign the IP address of the media server statically. DO NOT DEFINE A DEFAULT ROUTE but create a static route for the VPN endpoint via the router. Conceptually it's that simple.
    – davidgo
    Commented Oct 13, 2021 at 6:39

1 Answer

0

Everything you want can be fulfilled with basic routing rules. Set up the following routing on your machine (pseudo-code):

0.0.0.0/0 via VPN gateway (inner IP address)
VPN-server/32 via ethernet-gateway
local-network/24 via wireless adapter

This will do exactly what you need, explaining line by line:

  • 0.0.0.0/0 via VPN gateway will send all traffic through the VPN. If the inner IP of the VPN gateway is not available (because the VPN is not running), then no traffic will be sent.
  • VPN-server/32 via ethernet-gateway: this allows only traffic to the VPN server to go out the ethernet connection.
  • local-network/24 via wireless adapter: this will allow access to the local network.
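
The routing behaviour described in the answer and in davidgo's comment, as an added example that is not part of the original posts: a small longest-prefix-match model that checks whether any WAN destination still has a route once the VPN interface is gone. All addresses and the interface names `vpn`, `eth` and `wifi` are constructed for illustration, and the model ignores route metrics.

```python
import ipaddress

# Constructed sample addresses (assumptions, not taken from the post).
LAN = "192.168.1.0/24"
VPN_SERVER = "203.0.113.10/32"


def table(extra=()):
    """Routes as (prefix, interface) pairs, following the answer's three rules."""
    routes = [
        ("0.0.0.0/0", "vpn"),   # all traffic via the VPN's inner gateway
        (VPN_SERVER, "eth"),    # only the VPN server is reachable over Ethernet
        (LAN, "wifi"),          # local network via the wireless adapter
    ]
    return [(ipaddress.ip_network(p), i) for p, i in routes + list(extra)]


def lookup(routes, dest, down=()):
    """Longest-prefix match, skipping routes whose interface is down."""
    addr = ipaddress.ip_address(dest)
    live = [(n, i) for n, i in routes if i not in down and addr in n]
    if not live:
        return None  # no matching route: the packet is not sent
    return max(live, key=lambda r: r[0].prefixlen)[1]


def leaks(routes, probes=("198.51.100.7", "192.0.2.55")):
    """Return WAN probes that still have a route while the VPN is down."""
    return [d for d in probes if lookup(routes, d, down=("vpn",)) is not None]


if __name__ == "__main__":
    good = table()
    # A default route on a physical adapter (for example one pushed by DHCP)
    # is exactly what the comment warns against.
    bad = table([("0.0.0.0/0", "wifi")])
    print("answer's table, VPN down, leaking probes:", leaks(good))
    print("with extra default route on wifi:", leaks(bad))
```

Running the same check against the machine's real routing table after stopping the VPN client confirms whether a DHCP-installed default route has reintroduced the leak.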
