OPNsense Forum

English Forums => Virtual private networks => Topic started by: borgobio on March 12, 2024, 12:47:56 am

Title: 2 LAN; 1 on VPN, 1 not
Post by: borgobio on March 12, 2024, 12:47:56 am
Hi, I'm trying to set up OPNsense so that 1 LAN (192.168.0.0/24) goes on WAN with the public IP assigned by my ISP and another LAN with a different subnet (192.168.3.0/24) uses a VPN (protonVPN) already configured on OPNsense.

Unfortunately, I'm unable to make it work: I can get VPN on both or the ISP's IP on both...

I created 2 manual outbound rules for WAN (PPPoE with my ISP) and VPNWAN (virtual interface associated with openvpn), but it seems that this way I only have internet access on 192.168.3.0/24 with VPN but not on 192.168.0.0/24 (well, pings go through and telegram works, but if I try to load any non-cached page, it's a timeout).
https://imgur.com/a/w521HUE

I suspect it has something to do with the automatically created rule but I'm stuck here...

(I know the VPNWAN rule is disabled, ofc it was enabled when debugging)
Title: Re: 2 LAN; 1 on VPN, 1 not
Post by: zan on March 12, 2024, 11:28:06 am
Your pic shows NAT outbound rules, you also need pass rules on each interface:
On LAN interface, create a pass rule with destination: !(not) This firewall, gateway: WAN.
Create the same rule on LAN2 interface, except with gateway: VPNWAN.
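An added check, not part of the thread or of OPNsense itself: the answer above turns on the difference between an outbound NAT rule (which only rewrites the source address once the packet has already been routed) and a pass rule with a gateway (which OPNsense compiles into a pf route-to clause that picks the exit path). The script below parses constructed pfctl -sr / pfctl -sn style output for the OP's two subnets, flags LANs that have NAT but no route-to rule (the OP's "before" state), and works out which exit interface a given client flow would take, including the reason for the "! This firewall" destination: a gateway rule whose destination is "any" also policy-routes traffic meant for the firewall itself (DNS, GUI) out the VPN. Interface names (igb1, igb2, pppoe0, ovpnc1), gateway addresses and the firewall's LAN addresses are assumptions for the sample.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample modelled on pfctl -sr / pfctl -sn output for the OP's layout.
# Interface and gateway names are assumptions, not taken from the thread.
# "Before": NAT for both LANs exists, but the pass rules carry no gateway.
RULES_BEFORE = """\
nat on pppoe0 inet from 192.168.0.0/24 to any -> (pppoe0:0) port 1024:65535
nat on ovpnc1 inet from 192.168.3.0/24 to any -> (ovpnc1:0) port 1024:65535
pass in quick on igb1 inet from 192.168.0.0/24 to any flags S/SA keep state label "Default allow LAN to any"
pass in quick on igb2 inet from 192.168.3.0/24 to any flags S/SA keep state label "Default allow LAN2 to any"
"""

# "After": the pass rules zan describes, compiled by OPNsense into route-to clauses.
RULES_AFTER = """\
nat on pppoe0 inet from 192.168.0.0/24 to any -> (pppoe0:0) port 1024:65535
nat on ovpnc1 inet from 192.168.3.0/24 to any -> (ovpnc1:0) port 1024:65535
pass in quick on igb1 route-to (pppoe0 203.0.113.1) inet from 192.168.0.0/24 to ! (self) flags S/SA keep state label "LAN via WAN"
pass in quick on igb2 route-to (ovpnc1 10.96.0.1) inet from 192.168.3.0/24 to ! (self) flags S/SA keep state label "LAN2 via VPN"
"""

# Assumed LAN-side addresses of the firewall, i.e. what pf's (self) table contains here.
FIREWALL_ADDRS = {"192.168.0.1", "192.168.3.1"}

NAT_RE = re.compile(r"^nat on (?P<iface>\S+) inet from (?P<src>\S+) to ")
PASS_RE = re.compile(
    r"^pass in (?:quick )?on (?P<iface>\S+)"
    r"(?: route-to \((?P<gw_if>\S+) (?P<gw_ip>\S+)\))?"
    r" inet from (?P<src>\S+) to (?P<dst>!? ?\S+)"
)


@dataclass
class Expectation:
    net: str       # LAN subnet
    gw_iface: str  # interface the intended gateway lives on (pppoe0 = WAN, ovpnc1 = VPN)


def audit_policy_routing(ruleset: str, expectations: list[Expectation]) -> list[str]:
    """Compare NAT and pass rules against the intended exit per LAN; return findings."""
    nat: dict[str, str] = {}
    policy: dict[str, tuple[Optional[str], str]] = {}
    for line in ruleset.splitlines():
        if m := NAT_RE.match(line):
            nat[m["src"]] = m["iface"]
        elif m := PASS_RE.match(line):
            policy[m["src"]] = (m["gw_if"], m["dst"])

    findings = []
    for e in expectations:
        ipaddress.ip_network(e.net)  # raises on a malformed expectation
        if e.net not in policy:
            findings.append(f"{e.net}: no pass rule, nothing can leave")
        else:
            gw_if, dst = policy[e.net]
            if gw_if is None:
                findings.append(f"{e.net}: pass rule has no gateway, traffic follows the "
                                f"default route instead of {e.gw_iface}")
            elif gw_if != e.gw_iface:
                findings.append(f"{e.net}: routed via {gw_if}, expected {e.gw_iface}")
            elif dst == "any":
                findings.append(f"{e.net}: gateway rule matches 'any', so traffic to the "
                                f"firewall itself is also sent via {gw_if}; use '! This firewall'")
        if nat.get(e.net) != e.gw_iface:
            findings.append(f"{e.net}: no outbound NAT on {e.gw_iface} (found {nat.get(e.net)})")
    return findings


def egress_for(ruleset: str, src_ip: str, dst_ip: str) -> Optional[str]:
    """First matching 'pass in quick' rule wins, as in pf. Returns the route-to interface,
    'default' when the rule has no gateway, or None when no rule in the snippet matches."""
    src = ipaddress.ip_address(src_ip)
    for line in ruleset.splitlines():
        m = PASS_RE.match(line)
        if not m:
            continue
        if m["src"] != "any" and src not in ipaddress.ip_network(m["src"]):
            continue
        negate = m["dst"].startswith("!")
        target = m["dst"].lstrip("! ")
        # (self) is the firewall's own addresses; 'any' matches every destination.
        hit = dst_ip in FIREWALL_ADDRS if target == "(self)" else True
        if hit != negate:
            return m["gw_if"] or "default"
    return None


EXPECTED = [Expectation("192.168.0.0/24", "pppoe0"), Expectation("192.168.3.0/24", "ovpnc1")]

if __name__ == "__main__":
    for name, rules in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        print(name, audit_policy_routing(rules, EXPECTED) or "OK")
        print("  192.168.3.10 -> 1.1.1.1 exits via", egress_for(rules, "192.168.3.10", "1.1.1.1"))
```

Run it against real output with `pfctl -sr` and `pfctl -sn` concatenated into one string; the OP's symptom (NAT present, pages time out, pings work) shows up as the "pass rule has no gateway" finding for both subnets, and the `egress_for` check with destination 192.168.3.1 is the quick way to confirm that a gateway rule is not swallowing DNS queries to the firewall.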
Title: Re: 2 LAN; 1 on VPN, 1 not
Post by: borgobio on March 12, 2024, 03:12:54 pm
Your pic shows NAT outbound rules, you also need pass rules on each interface:
On LAN interface, create a pass rule with destination: !(not) This firewall, gateway: WAN.
Create the same rule on LAN2 interface, except with gateway: VPNWAN.
Indeed, that was it, although now when I connect to VPN, any port forwarding on my ISP's IP is blocked.

VPN OFF => 95.231.234.179:61881 => open
VPN ON => 95.231.234.179:61881  => closed

95.231.234.179 is my ISP's IP.

It seems that stuff can get in but can't get out...
https://imgur.com/a/xxsbgxe