Skip to main content

User Manual

Connection policies

Connections provide access to external networks — the Internet and all others over Ethernet3G/4G, ADSL / VDSL, Wi-FiVPN. Keenetic routers support multiple simultaneous connections (usually called Multi-WAN). In such cases, the order in which connections are used determines priorities. The highest priority makes the connection the default one.

Note

When you turn on the router, the default gateway will be the Internet connection gateway with the highest priority. If your Keenetic has multiple connections and the default connection fails, the gateway will be the next priority available connection with Internet access.

You can increase or decrease the priority of any connection in the web interface by simply dragging and dropping the name in the list. In addition to the Default policy with all connections, you can create others. They may only include the specific connections you need, with their priority setting, and be bound to specific home devices and network segments. In other words, this feature is called Policy-Based Routing (PBR).

By default, all unregistered devices in the basic 'Home' and 'Guest' segments are bound to the default policy. You can also create your own segments, such as your children's devices or smart home appliances. Any network client can be registered, and then it can be individually bound to the desired connection policy. Binding is also done by dragging the device or segment onto the policy.

Home users can appreciate PBR when solving the following actual problem: letting specific devices in the network go through a VPN connection and the rest — through the main ISP. Also, it opens up the possibility of load balancing when using 3G/4G modems with traffic limitations.

Configuration of priorities and policies can be found in the web interface on the 'Connection Policies' page.

Let's take an example of a Keenetic router that uses multiple connections to the Internet. An ISP provides a default connection over a leased line, and in addition, the router establishes an IKEv2 VPN connection, through which the Internet is also available. You need to configure all home clients to connect to the Internet via the primary connection, and a single device (host named PS4pro) will use the VPN connection to connect to an external network.

  1. A separate Internet connection policy must be configured. On the 'Connection Policies' page, on the 'Policy Configuration' tab, click '+ Add policy' and enter the name of the new policy. Here, a policy is a set of routing rules that apply to traffic from hosts when they access the Internet.

    Note

    A maximum of 16 policies can be created in KeeneticOS.

    In our example, the added policy (GamePal) is intended to provide access only through an IKEv2-VPN connection.

    On the right side of the 'Connection' column, you only need to check this connection and save the settings.

    connection-priorities1-en.png

  2. Also, on the 'Connection Policies' page, click the 'Policy Bindings' tab. The 'Show all objects' option allows you to display all the clients registered in the local segments of your Keenetic router, as well as the local network segments themselves.

    connection-priorities2-en.png

    You can select multiple objects with the mouse. In our example, we need only one object, the 'PS4pro' client, to be dragged and dropped on to the previously created 'GamePal' policy.

    connection-priorities3-en.png

  3. This completes the configuration. Make sure that the IKEv2-VPN connection used in the policy is enabled and configured to access the Internet (the 'Use for accessing the Internet' option is enabled). This can be done on the 'Other Connections' page.

    connection-priorities4-en.png

    Now that the 'PS4pro' device needs to connect to the Internet, the router will send its request over an IKEv2-VPN connection. All other devices on the router's LAN will be connected to the Internet via the primary connection.

  4. If necessary, you can check or change the connection policy of each client on your Keenetic device's network on the 'Client Lists' page.

    connection-priorities5-en.png

    Note

    Only DNS servers obtained from connections in the policy are added to this policy. The same applies to any additional DNS server that was added manually for a specified interface. If a custom DNS server is added without specifying an interface (the 'Connection' field is set to 'Any'), it is used by all policies.

    By default, a Keenetic router prohibits using DNS servers received on an interface not included in a policy. If the same DNS address is received on different interfaces, it can be used only for the main connection.

With the Connection Policies mechanism, it is also possible Using multiple WAN connections in load balancing mode (configuring from the CLI).

In this section: