OPNsense Forum
English Forums => Virtual private networks => Topic started by: borgobio on March 12, 2024, 12:47:56 am
-
Hi, I'm trying to set up OPNsense so that one LAN (192.168.0.0/24) goes out to the WAN with the public IP assigned by my ISP, and another LAN with a different subnet (192.168.3.0/24) uses a VPN (ProtonVPN) already configured on OPNsense.
Unfortunately, I'm unable to make it work: I can get the VPN on both or the ISP's IP on both...
I created two manual outbound rules, one for WAN (PPPoE with my ISP) and one for VPNWAN (the virtual interface associated with OpenVPN), but it seems that this way I only have internet access on 192.168.3.0/24 via the VPN and not on 192.168.0.0/24 (well, pings go through and Telegram works, but if I try to load any non-cached page, it times out).
https://imgur.com/a/w521HUE
I suspect it has something to do with the automatically created rule, but I'm stuck here...
(I know the VPNWAN rule is disabled; of course it was enabled when debugging.)
-
Your pic shows NAT outbound rules; you also need pass rules on each interface:
On the LAN interface, create a pass rule with destination: !(not) This firewall, gateway: WAN.
Create the same rule on the LAN2 interface, except with gateway: VPNWAN.
-
Your pic shows NAT outbound rules; you also need pass rules on each interface:
On the LAN interface, create a pass rule with destination: !(not) This firewall, gateway: WAN.
Create the same rule on the LAN2 interface, except with gateway: VPNWAN.
Indeed, that was it, although now when I connect to the VPN, any port forwarding on my ISP's IP is blocked.
VPN OFF => 95.231.234.179:61881 => open
VPN ON => 95.231.234.179:61881 => closed
95.231.234.179 is my ISP's IP.
It seems that stuff can get in but can't get out...
https://imgur.com/a/xxsbgxe
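For readers who want to see what the GUI rules in this thread correspond to underneath, here is an illustrative pf ruleset in the FreeBSD pf syntax that OPNsense uses. It is an added example written for this page, not the ruleset OPNsense generates nor anything posted by the participants. Interface names (pppoe0, ovpnc1, lan, lan2), the gateway addresses, and the internal host 192.168.0.10 are assumptions; only the two subnets and the forwarded port 61881 come from the thread. The last two rules are not a confirmed diagnosis of the port-forward problem reported in the final post; they show the general pf mechanism (reply-to) that pins return traffic for an inbound connection to the interface it arrived on, which is the usual check when a forward stops answering once a VPN tunnel becomes the default route.

```conf
# Illustrative pf ruleset for the two-LAN policy-routing setup described above.
# Assumptions (not from the thread): pppoe0 = WAN (PPPoE), ovpnc1 = VPNWAN
# (OpenVPN client), lan = LAN, lan2 = LAN2. Gateway addresses are placeholders.
lan_net  = "192.168.0.0/24"
lan2_net = "192.168.3.0/24"
isp_gw   = "ISP_GATEWAY_PLACEHOLDER"
vpn_gw   = "VPN_GATEWAY_PLACEHOLDER"
fwd_host = "192.168.0.10"          # constructed internal host behind the port forward

# Outbound NAT: what the two manual outbound rules in the screenshot express.
# LAN is masqueraded behind the ISP address, LAN2 behind the tunnel address.
nat on pppoe0 from $lan_net  to any -> (pppoe0)
nat on ovpnc1 from $lan2_net to any -> (ovpnc1)

# Inbound port forward on the ISP address (port from the thread, host constructed).
rdr on pppoe0 proto tcp from any to (pppoe0) port 61881 -> $fwd_host port 61881

# Policy-routing pass rules: the fix given in the reply. "destination: not This
# firewall" becomes "to ! self", so DNS/DHCP/GUI traffic aimed at the firewall
# itself stays on the normal routing table; everything else is pinned to the
# chosen gateway with route-to, regardless of which route is the default.
pass in quick on lan  inet from $lan_net  to ! self route-to (pppoe0 $isp_gw) keep state
pass in quick on lan2 inet from $lan2_net to ! self route-to (ovpnc1 $vpn_gw) keep state

# Return path for the inbound forward. Without reply-to, replies follow the
# default route; if that is the VPN tunnel, they leave with the wrong source
# address and the connection looks "closed" from outside even though SYNs arrive.
pass in quick on pppoe0 reply-to (pppoe0 $isp_gw) inet proto tcp \
    from any to $fwd_host port 61881 keep state
```

To compare this against a running OPNsense box, dump the live ruleset with pfctl -sr and pfctl -sn and look for route-to on the LAN rules and reply-to on the WAN rule that passes the forwarded port; a forward that works with the VPN down and fails with it up, while state entries still appear in pfctl -ss, is the pattern that points at the return path rather than at the forward itself.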