MultiWAN / VPN on VLAN?

Started by +DS_DV+, September 10, 2018, 10:23:32 AM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
September 10, 2018, 10:23:32 AM Last Edit: September 11, 2018, 01:50:22 PM by +DS_DV+
Hello OPNSense Community,

since a week i try to figure out ho i can get my oVPN client 'bound' to a VPN.
The VPN is succesfully set up (but when its started all internet is gone).

I followed several tutorials like:
https://philsheets.me/blog/multi-vlan-vpn-endpoint-pfsense-network/
https://forum.opnsense.org/index.php?topic=4979.0

since it also has the VPN boutn to a VLAN and other traffic to other networks.

my goal is just that the VPN is reachable through a VLAN (lets call it ID10) and rest of the traffic goes to wan.

Can someone help me here?
My trouble points seem to be the gateway and routing. The Firewallrules look ok so far.

with kind regards
+DS_DV+

PS: if someone would be willing to visit my TeamSPeak a/o TeamViewer i would gladly spend some of my students BAföG-money :)
with kind regards
September 10, 2018, 11:22:48 AM #1
Can you draw a small picture of your infrastructure and what you want to achieve? Also with IP addresses and traffic flows ...
September 11, 2018, 12:10:18 PM #2 Last Edit: September 11, 2018, 08:26:24 PM by +DS_DV+
Quote from: mimugmail on September 10, 2018, 11:22:48 AM
Can you draw a small picture of your infrastructure and what you want to achieve? Also with IP addresses and traffic flows ...



Sorry for the delay.
i tried to draw an overview
with kind regards
September 12, 2018, 06:21:28 AM #3
Ok, understand the network, you talked about VLAN10. In this picture VLAN10 is your Wifi?
Do you want to connect with OpenVPN via WAN or from Wifi?
September 12, 2018, 09:15:38 AM #4
Quote from: mimugmail on September 12, 2018, 06:21:28 AM
Ok, understand the network, you talked about VLAN10. In this picture VLAN10 is your Wifi?
Do you want to connect with OpenVPN via WAN or from Wifi?

Yes. But after making this picture i thihnk it would be better to put the whole VLAN 50 into the VPN.
Afterwards i can always add 10 if i want right?

with kind regards
September 12, 2018, 09:25:13 AM #5
Yes, but to avoid problems in future you should always use networks (Layer 3) to include to a VPN and not name it by VLAN (Layer 2) which isn't possible. :)
September 12, 2018, 10:31:24 AM #6
Quote from: mimugmail on September 12, 2018, 09:25:13 AM
Yes, but to avoid problems in future you should always use networks (Layer 3) to include to a VPN and not name it by VLAN (Layer 2) which isn't possible. :)

ok - will do :)

so how can i fix / set up what i desire?
with kind regards
September 12, 2018, 12:19:36 PM #7
Can you Post a screenshot of OpenVPN server config?
September 12, 2018, 01:32:23 PM #8
its a client.

i think it may work as a 2nd wan?
if its connected it looks like in the attachment.
but when its connected i cant reach the internet seems to be unreachable from any point in the lan.


an OVPN server will be the last step in the plan of building my home network.
[best would be if Client -> VPN (to home) -> LAN -> VPN (the one we are setting up right now) -> internet would work] - but for now i would be happy if my desired VLAN would use the VPN to get to the internet :)
with kind regards
September 12, 2018, 04:05:03 PM #9
Sorry, I dont get it. OPN is your WAN Firewall and should act as server or client?
September 12, 2018, 04:22:23 PM #10 Last Edit: September 12, 2018, 04:43:43 PM by +DS_DV+
Quote from: mimugmail on September 12, 2018, 04:05:03 PM
Sorry, I dont get it. OPN is your WAN Firewall and should act as server or client?

the end goal is that it does both.

at the moment it just should act as a client.
but only specific networks / vlans should go through the (client)VPN.


later when everything is set up i want for example my laptop from sisters house to conect to the OPNsense firewall (acting as a VPN server) because i want to access the LAN (home) an from there exit to the internet using the (client) VPN of the firewall.

//EDIT1:  i drew a picture :)

The external stuff is not importent right now. For now i just want the VPN Client stuff to run ^^
with kind regards
September 14, 2018, 10:52:35 AM #11


can anybody help? i cant pay much but i would appreciate it very much!
i have a feeling its just fw-rules and gateway setups
with kind regards
September 14, 2018, 01:01:47 PM #12
Given that all interfaces are setup and this comes down only to routing, I would recommend to set the default gateway to WAN and use policy-based routing to route the ip ranges on vlan 50 through the VPN provider gateway.
September 14, 2018, 02:29:19 PM #13
Quote from: namezero111111 on September 14, 2018, 01:01:47 PM
Given that all interfaces are setup and this comes down only to routing, I would recommend to set the default gateway to WAN and use policy-based routing to route the ip ranges on vlan 50 through the VPN provider gateway.

hey thanks for the hint.
i tried so many things in the last week (my holiday) but seems i cant get it working :(
would you mind helping me via TeamViewer and TeamSpeak?
with kind regards
September 14, 2018, 05:36:34 PM #14
Monday, 9:30am IRC
Print
Go Up Pages1 2
User actions