Novice to VPNs - Question

Hi - my internet relies on a t-mobile hotspot (M2000 - 5G), which will be connected via USB only to surf soho (wireless from the hot spot disabled - WAN over USB only).

Video streaming appears to be throttled when operating in 5G - to about 2-3 Mbps (something done by T-mobile I think, and to get around, you must switch to 4GLTE APN and IPv4 - which basically means speeds are unusable).

To bypass, I downloaded the peplink open vpn client, signed up for a freebie protonvpn account, and activated it on the pepwave surf soho. It appears to be working.

I’m most concerned with streaming on tv - which is on a dedicated VLAN.

If my outbound policy is destination address of the IP network for the video vlan, and the distribution weight only set for the OpenVPN WAN link (all others set to zero) - should that mean the streaming video is behind the VPN?

TIA for any confirmation.


For your requirements you probably want to have the outbound policy match the SOURCE of traffic, in this case that is your TV.

You could do this by matching the subnet that the TV is in, of assign the TV a static IP and match just the single address.

The destination you could probably leave as ANY as that way you will be sure to capture all of the traffic from the TV rather than trying to guess what domains or IP ranges you need on the destination side.

For the rule type I would use PRIORITY and set the VPN to the top of the list, you could then put your other WANs below that or just leave only the VPN in the list and tick the “fall through to next rule” option.

I’d also tick the “terminate sessions on recovery” box, so if the tunnel goes up and down the TV would be bumped back to sourcing traffic from it once it became available again.

Remember outbound rules are processed from the top of the list downwards in order, make sure nothing above the rule for your TV would match traffic else it will not work as expected, if you get stuck you would probably need to post some screenshots showing the outbound policy configuration and some details of the IP addresses you want to steer to the VPN.

Thank you. Hopefully have it configured correctly. I don’t quite get how the Priority setting inside the rule interacts with the WAN connection status priority (on the dashboard). Should the VPN be at priority 1 in both locations? Both WAN connections only both seem to be active/connected if both USB and the VPN WAN are set at Priority 1 in the dashboard, with USB above the VPN wan below that.