Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
route LAN traffic to VPN connection _or_ WAN (direct to internet connection)
« previous
next »
Print
Pages: [
1
]
Author
Topic: route LAN traffic to VPN connection _or_ WAN (direct to internet connection) (Read 4303 times)
intrepid2007
Newbie
Posts: 14
Karma: 1
route LAN traffic to VPN connection _or_ WAN (direct to internet connection)
«
on:
December 25, 2016, 01:55:28 am »
Hello,
I am new to OpnSense and I recently started playing with it to see what it's possibilities are...
The software runs on a mini-pc with 2 NIC's (a LAN port and WAN port).
My goal is to configure the router in such a way that it routes LAN traffic to:
1. a VPN connection _
_or_
2. to the WAN (direct)
depending on the IP address of the device in the LAN.
First of all I'd like to know if that's possible, because until now I can't get it to work like that....
The documentation of OpnSense is rather rudimentary for beginners like me, so I am kind of stuck here....
My setup:
LAN IP mini pc : static (10.0.0.1/8), DHCP server is enabled
WAN IP mini pc: DHCP (192.168.1.13)
Also configured is an OPT1 interface (VPN client connection)
The WAN port is connected to the DSL modem (IP=192.168.1.254)
The LAN port is connected to my laptop (IP=10.0.0.100)
I have been playing with these settings:
In [Firewall -> Rules] I have defined two rules in LAN:
IPv4 TCP/UDP * * * 53 (DNS) * 'DNS'
IPv4 * * * 10.0.0.100/8 * WAN_DHCP 'LAN to WAN'
IPv4 * * * 10.0.0.101/8 * OPT1_VPNV4 'LAN to VPN'
In [Firewall -> NAT -> Outbound] I have defined two entries:
OPT1 any * * * OPT1 address * NO
WAN any * * * WAN address * NO
I am not sure if I am in the right direction....
Any ideas on how I could get this to work?
Thanks!
Logged
intrepid2007
Newbie
Posts: 14
Karma: 1
Re: route LAN traffic to VPN connection _or_ WAN (direct to internet connection)
«
Reply #1 on:
December 26, 2016, 10:58:42 pm »
After several days of experimenting, I think I finally got it figured out (it appears to be working now
)....
For those that are interested, I explain what I have changed....
It appears that if you want to specify a
specific
IP address for routing, you need to use a mask of <255.255.255.255>
(/32).
In Firewall --> Rules:
IPv4 * 10.0.0.100 * * * OPT1_VPNV4 Allow LAN to VPN
IPv4 * 10.0.0.99 * * * WAN_DHCP Allow LAN to WAN
These 2 rules do the 'magic' here:
- Traffic from LAN device with IP=10.0.0.99 is routed to VPN,
- Traffic from LAN device with IP=10.0.0.100 is routed to WAN (direct)
One thing I noticed is that the 2 IP-adresses are shown without the '/xx' (this is due to the
/32
setting, I guess)
Grtz
«
Last Edit: December 26, 2016, 11:02:29 pm by intrepid2007
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
route LAN traffic to VPN connection _or_ WAN (direct to internet connection)
