Virtual private networks / OPNsense using WAN instead of Wireguard gateway group
« on: June 24, 2022, 11:25:28 pm »
Hello,
I have been working on transitioning from a Debian Linux firewall/router to OPNsense. Setup is currently as follows:
WAN : connected to ATT router
LAN : local network
Mull1,Mull2 : Connected to 2 different Mullvad Wireguard servers
ProtonFree : Free ProtonVPN Wireguard
VPN_GRP : Gateway group Mull1 and Mull2 as tier 1 and ProtonFree as tier 2
LocalVPN : Incoming VPN connections from road warrior devices
NAT is set to manual.
Outgoing connections from LAN and LocalVPN get routed via the VPN_GRP so that is good. However, all connections from the OPNsense box go via the WAN interface, including DNS queries resolved by Unbound DNS. I have set up DNS servers in System: Settings: General with one for each Wireguard gateway (I wish I could specify a gateway group); however, this seems to be ignored.
Any advice on how to get the OPNsense box to use the VPN_GRP for outgoing connections and only use the WAN interface for setting up the connections to my Wireguard connections?
/Mark