OPNsense Forum

English Forums => General Discussion => Topic started by: michael on February 04, 2020, 02:12:53 am

Title: VPN tunnel bypass
Post by: michael on February 04, 2020, 02:12:53 am
Hi - new user here, so forgive my noob question. I have OPNsense set up using WireGuard w/Mullvad VPN, using the routerperformance.com tutorial for AzireVPN. All works well, except I have two devices on my network that need to bypass the VPN, and additionally there are some websites (bank, etc.) that don't function via the VPN service. Can someone point me to a simple guide to follow, or provide steps, as to how I set rules to selectively bypass these devices (I can set static IP addresses if needed) and websites from the VPN so they connect directly?
Title: Re: VPN tunnel bypass
Post by: michael on February 04, 2020, 03:43:05 pm
OK so I think I figured it out, via a couple of YouTube videos for that other 'sense. Built firewall LAN rules and aliases to direct the traffic from static IPs or to destination URLs (with alias) through the WAN ahead of the VPN. All good.

For reference: https://youtu.be/ekRgAATnIsU?t=238
Title: Re: VPN tunnel bypass
Post by: michael on February 05, 2020, 02:23:42 am
Well, my firewall LAN rules for the two devices to route to the WAN rather than the WireGuard VPN gateway worked.
On the other hand, the rule for websites which don't play nice with a VPN did not. Anyone know how to set this up with WireGuard?
I created a rule with IPv4-TCP/UDP protocol, any source, destination URLs list (in Alias grouping) sent to WAN Gateway. Doesn't seem to work; the sites are still blocking access as the VPN isn't being bypassed.
Title: Re: VPN tunnel bypass
Post by: michael on February 05, 2020, 11:18:37 pm
Talking to myself again...
But I was able to get this to work by changing settings for the Alias group from "URL (IPs)" to "Hosts" and from Source "Any" to "LAN net", and setting Protocol to just IPv4*.
Seems to work well; any host URL that I place in the Alias group will route directly to the WAN and bypass the VPN gateway.
Title: Re: VPN tunnel bypass
Post by: code999 on May 31, 2020, 09:16:05 pm
Talking to myself again...
But I was able to get this to work by changing settings for the Alias group from "URL (IPs)" to "Hosts" and from Source "Any" to "LAN net", and setting Protocol to just IPv4*.
Seems to work well; any host URL that I place in the Alias group will route directly to the WAN and bypass the VPN gateway.

Just checking, but did you allow all of your LAN's IPs to pass the VPN by making the source "LAN net"? You might want to check that. If so, change it to the alias group that you made with the hosts listed inside it. If I am wrong then sorry to bug you, just wanted to check. I am wondering myself if it did.
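
Added example, not part of the thread or of OPNsense itself: a small Python model of first-match policy routing for the LAN rules described above, useful for checking which traffic actually leaves outside the VPN. It assumes first-match evaluation in rule order; every address, rule name and gateway name is constructed for illustration.

```python
"""Toy model of first-match policy routing on a LAN interface (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# All addresses and gateway names below are constructed for illustration.
LAN_NET = [ip_network("192.168.1.0/24")]
ANY = [ip_network("0.0.0.0/0")]
# Static IPs of the two devices that must bypass the VPN (hypothetical).
BYPASS_DEVICES = [ip_network("192.168.1.50/32"), ip_network("192.168.1.51/32")]
# Assumption: a "Hosts" alias is modelled as the set of IPs its names resolve to.
BYPASS_SITES = [ip_network("203.0.113.10/32"), ip_network("203.0.113.11/32")]


@dataclass
class Rule:
    name: str
    src: list
    dst: list
    gateway: str

    def matches(self, src, dst):
        # A rule applies only when BOTH source and destination match.
        s, d = ip_address(src), ip_address(dst)
        return any(s in n for n in self.src) and any(d in n for n in self.dst)


# Order matters: bypass rules sit ahead of the catch-all VPN rule.
RULES = [
    Rule("devices-direct", BYPASS_DEVICES, ANY, "WAN_GW"),
    Rule("sites-direct", LAN_NET, BYPASS_SITES, "WAN_GW"),
    Rule("default-vpn", LAN_NET, ANY, "WG_VPN_GW"),
]


def route(src, dst, rules=RULES):
    """Return (rule name, gateway) of the first matching rule, else None."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.name, rule.gateway
    return None


if __name__ == "__main__":
    for src, dst in [("192.168.1.50", "198.51.100.7"),
                     ("192.168.1.20", "203.0.113.10"),
                     ("192.168.1.20", "198.51.100.7")]:
        print(src, "->", dst, route(src, dst))
```

In this model a rule with source "LAN net" and the host alias as destination sends only traffic to the aliased hosts out the WAN; other LAN traffic still falls through to the VPN rule, and placing the VPN rule first would capture everything.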