Connections provide access to external networks - the Internet and all others over Ethernet, 3G/4G, ADSL / VDSL, Wi-Fi, VPN. Keenetic routers support multiple simultaneous connections (usually called Multi-WAN). In such cases, the order in which connections are used determines priorities. The highest priority makes the connection the default one.
TIP: Note: When you turn on the router, the default gateway will be the Internet connection gateway with the highest priority. If your Keenetic has multiple connections and the default connection fails, the gateway will be the next priority available connection with Internet access.
You can increase or decrease the priority of any connection in the Web interface by simply dragging and dropping the name in the list. In addition to the Default policy with all connections, you can create others. They may only include the specific connections you need, with their priority setting, and be bound to specific home clients and network segments. In other words, this feature is called Policy-Based Routing (PBR).
By default, all unregistered clients in the basic 'Home' and 'Guest' segments are bound to the default policy. You can also create your own segments, such as your children's devices or smart home appliances. Any client device can be registered, and then it can be individually bound to the desired connection policy. Binding is also done by simply dragging the device or segment onto the policy.
Home users can appreciate PBR when solving the following actual problem: letting certain devices in the network go through a VPN connection and the rest - through the main ISP. Also, it opens up the possibility of load balancing when using 3G/4G modems with traffic limitations. Refer to the guide Example of setting up access for certain devices via different internet connections.
Configuration of priorities and policies can be found in the web interface on the 'Connection priorities' page.
Let's take an example of a Keenetic router that uses multiple connections to the Internet. An ISP provides a default connection over a leased line, and in addition, Keenetic establishes an OpenVPN VPN connection through which the Internet is also available. You need to configure all home devices to connect to the Internet via the primary connection, and a single device (host named OnePlus5T) will use the VPN connection to connect to an external network.
1. A separate Internet connection policy must be configured. On the 'Connection priorities' page, on the 'Internet connection policy' tab, click '+ Add policy' and enter the name of the new policy. Here, a policy is a set of routing rules that apply to traffic from hosts when they access the Internet.
TIP: Note: A maximum of 16 policies can be created in KeeneticOS.
In our example, the added policy (Mobile) is intended to provide access only through an OpenVPN connection.
On the right side of the 'Connection' column, you only need to check this connection and save the settings.
2. Also, on the 'Connection Priorities' page, click the 'Policy bindings' tab. The 'Show all objects' option allows you to display all the clients registered in the local segments of your Keenetic, as well as the local network segments themselves configured in the router.
Holding down the Ctrl key on the keyboard, you can select several objects with a mouse. In our example, we need only one object, the OnePlus5T client, to be moved to the previously added 'Mobile' policy.
3. This completes the configuration. Make sure that the OpenVPN connection used in the profile is enabled and configured to access the Internet. This can be done on the 'Other connections' page.
Now that the OnePlus5T client needs to connect to the Internet, the router will send its request over an OpenVPN connection. All other client devices on the router's LAN will be connected to the Internet via the primary connection.
4. If necessary, you can check or change the connection policy of each client on your Keenetic network on the Client Lists page.
TIP: Note: Only DNS servers obtained from connections in the profile are added to this profile. The same is true for an additional DNS server that was added manually with the specified interface. If a custom DNS server is added without specifying an interface (the 'Connection' field is set to 'Any'), it is used by all profiles.
By default, Keenetic prohibits using DNS servers received on an interface not included in a profile. If the same DNS address is received on different interfaces (for example, on ISP and OpenVPN), it can be used only for the main connection.
With the Connection Priority mechanism, it is also possible to use multiple WAN connections in balancing mode.