MultiWAN / VPN on VLAN?

[+DS_DV+]

Hello OPNSense Community,

since a week i try to figure out ho i can get my oVPN client 'bound' to a VPN.
The VPN is succesfully set up (but when its started all internet is gone).

I followed several tutorials like:
https://philsheets.me/blog/multi-vlan-vpn-endpoint-pfsense-network/
https://forum.opnsense.org/index.php?topic=4979.0

since it also has the VPN boutn to a VLAN and other traffic to other networks.

my goal is just that the VPN is reachable through a VLAN (lets call it ID10) and rest of the traffic goes to wan.

Can someone help me here?
My trouble points seem to be the gateway and routing. The Firewallrules look ok so far.

with kind regards
+DS_DV+

PS: if someone would be willing to visit my TeamSPeak a/o TeamViewer i would gladly spend some of my students BAföG-money

[mimugmail]

Can you draw a small picture of your infrastructure and what you want to achieve? Also with IP addresses and traffic flows ...

[+DS_DV+]

Can you draw a small picture of your infrastructure and what you want to achieve? Also with IP addresses and traffic flows ...

Sorry for the delay.
i tried to draw an overview

[mimugmail]

Ok, understand the network, you talked about VLAN10. In this picture VLAN10 is your Wifi?
Do you want to connect with OpenVPN via WAN or from Wifi?

[+DS_DV+]

Ok, understand the network, you talked about VLAN10. In this picture VLAN10 is your Wifi?
Do you want to connect with OpenVPN via WAN or from Wifi?

Yes. But after making this picture i thihnk it would be better to put the whole VLAN 50 into the VPN.
Afterwards i can always add 10 if i want right?

[mimugmail]

Yes, but to avoid problems in future you should always use networks (Layer 3) to include to a VPN and not name it by VLAN (Layer 2) which isn't possible.

[+DS_DV+]

Yes, but to avoid problems in future you should always use networks (Layer 3) to include to a VPN and not name it by VLAN (Layer 2) which isn't possible.

ok - will do

so how can i fix / set up what i desire?

[mimugmail]

Can you Post a screenshot of OpenVPN server config?

[+DS_DV+]

its a client.

i think it may work as a 2nd wan?
if its connected it looks like in the attachment.
but when its connected i cant reach the internet seems to be unreachable from any point in the lan.


an OVPN server will be the last step in the plan of building my home network.
[best would be if Client -> VPN (to home) -> LAN -> VPN (the one we are setting up right now) -> internet would work] - but for now i would be happy if my desired VLAN would use the VPN to get to the internet

[mimugmail]

Sorry, I dont get it. OPN is your WAN Firewall and should act as server or client?

[+DS_DV+]

Sorry, I dont get it. OPN is your WAN Firewall and should act as server or client?

the end goal is that it does both.

at the moment it just should act as a client.
but only specific networks / vlans should go through the (client)VPN.


later when everything is set up i want for example my laptop from sisters house to conect to the OPNsense firewall (acting as a VPN server) because i want to access the LAN (home) an from there exit to the internet using the (client) VPN of the firewall.

//EDIT1:  i drew a picture

The external stuff is not importent right now. For now i just want the VPN Client stuff to run ^^

[+DS_DV+]

can anybody help? i cant pay much but i would appreciate it very much!
i have a feeling its just fw-rules and gateway setups

[namezero111111]

Given that all interfaces are setup and this comes down only to routing, I would recommend to set the default gateway to WAN and use policy-based routing to route the ip ranges on vlan 50 through the VPN provider gateway.

[+DS_DV+]

Given that all interfaces are setup and this comes down only to routing, I would recommend to set the default gateway to WAN and use policy-based routing to route the ip ranges on vlan 50 through the VPN provider gateway.

hey thanks for the hint.
i tried so many things in the last week (my holiday) but seems i cant get it working
would you mind helping me via TeamViewer and TeamSpeak?

[mimugmail]

Monday, 9:30am IRC