OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: cmccallu on July 13, 2020, 06:06:56 am

Title: SOLVED: Only Route VLAN over OpenVPN
Post by: cmccallu on July 13, 2020, 06:06:56 am
Hi All,
Thanks to the author of the below blog post I have a single VLAN running over an OpenVPN client connection.

https://blog.veloc1ty.de/2019/11/24/opnsense-route-subnet-over-vpn/

However just wondering if there is a better way without hardcoding IP addresses on a Gateway and OutBound NAT?

If I uncheck Don't pull routes on the OpenVPN client connection it all configures automatically but then all my outbound traffic goes via the OpenVPN client connection.

Thanks in Advance
Chris

 
Title: Re: Only Route VLAN over OpenVPN
Post by: cmccallu on July 14, 2020, 03:48:20 am
I have been searching the forums and I'm the first to say I'm a newbie but found ppl asking the same type of questions in regards to gateway creation and routing? Is this a product limitation or purely my lack of understanding in how to configure this stuff? This sounds like a pretty standard use case?

Thanks
Chris
Title: Re: Only Route VLAN over OpenVPN
Post by: Koldnitz on July 14, 2020, 04:22:23 am
Chris,

You probably can adapt Nilss method to work for you (it works in the current production series and gives you leakage protection if you set it up correctly).
 
https://forum.opnsense.org/index.php?topic=4979.msg25066#msg25066

I think you would just need to put the VLAN in the N_VPNUSER alias.  However I am not sure (can VLANs be aliases?).

You might need to specify IP ranges.  I used an IP calculator to specify x.x.x.240 - x.x.x.254.  I have yet to implement VLANs on my set up, so I cannot help you there.

I have gotten the method he talks about to work for me but some parts of it are not perfect such as the instruction on the don't pull route / don't add remove routes checkboxes.

In order for me to get his set up to work for me I only have don't add remove routes checked.

Search the Pfsense forums also.  I have found that if I cannot figure it out using Opnsense resources, I can often use something someone did in Pfsense and figure out how to cross it over to Opnsense.

Cheers,
Title: Re: Only Route VLAN over OpenVPN
Post by: cmccallu on July 14, 2020, 06:43:55 am
Hi Koldnitz,
Really appreciate the points! I will take a look and see what I can work out! I have a test OPNsense setup in a VM as well as my actual home setup on a mini-pc device!

Thanks again
Chris
Title: Re: Only Route VLAN over OpenVPN
Post by: cmccallu on July 14, 2020, 06:48:11 am

Search the Pfsense forums also.  I have found that if I cannot figure it out using Opnsense resources, I can often use something someone did in Pfsense and figure out how to cross it over to Opnsense.

Cheers,

BTW from what I could see the OpenVPN client setup on pfsense has an additional option/s in regards to the gateway creation.
Title: Re: Only Route VLAN over OpenVPN
Post by: Koldnitz on July 14, 2020, 07:11:14 am
Chris,

Opnsense is a fork of Pfsense which was a fork of Monowall (sp) so there are more similarities than differences (I started on Opnsense, I just google guides from people who used both / all three).

From what I have seen, while there are significant differences in both the UI / internals (I believe Opnsense does not run certain things in root) between Pfsense and Opnsense, if you can find an example of someone doing what you want to do in Pfsense it will most likely be possible in Opnsense (sometimes the options are somewhere else because the opnsense devs felt (?) it was more logical). 

If you look at firewall rules from Pfsense you can almost directly transcribe them to Opnsense once you figure out the differences between the UIs.

Since there seem to be historically more people using Pfsense (Opnsense forked circa 2015 I believe) I find sometimes it is just easier to find stuff with a Pfsense slant and from there I take it and try and figure out how it is done on Opnsense.

I looked at this:

https://airvpn.org/forums/topic/17444-how-to-set-up-pfsense-23-for-airvpn/
while trying to get my VPN set up working.

You can see the similarities / differences while reading what this guy did between Opnsense / Pfsense and what he does / you want to do.

It helped me understand things a little bit better. 

I hope you figure out what you are trying to do.

Cheers,
Title: Re: Only Route VLAN over OpenVPN
Post by: cmccallu on July 14, 2020, 09:42:53 am
https://forum.opnsense.org/index.php?topic=4979.msg25066#msg25066

Ok reading through that long thread I found a link to the following

https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-18-7-setup-with-NordVPN.htm

I now have it working on a single VLAN tied to a single SSID on my network. Things that I believe helped are

1. On the OpenVPN client check Don't add/remove route. This stops your default route getting screwed up!

2. Re-Start the OpenVPN client after you assign the interface to have the IP addresses configured correctly on the gateway.

3. Disable IPv6 on the OpenVPN client, VLAN Firewall Rules & Gateway

Hope this may help others as I was tearing my hair out!

Cheers
Chris
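
Added example, not part of the thread and not output generated by OPNsense: a hand-written pf.conf sketch of what the working setup in the post above amounts to at the packet-filter level (outbound NAT on the tunnel, a policy-routing rule on the VLAN, IPv6 blocked). All interface names and addresses are assumptions made up for illustration.

```pf
# Assumed names and constructed values (none come from the thread):
vlan_if  = "igb1_vlan20"      # VLAN interface tied to the SSID
vlan_net = "192.168.20.0/24"  # constructed VLAN subnet
vpn_if   = "ovpnc1"           # OpenVPN client, assigned as an interface
vpn_gw   = "10.8.0.1"         # constructed tunnel gateway address
wan_if   = "igb0"             # interface holding the normal default route

# Outbound NAT for the VLAN on the tunnel only. The parentheses make pf
# follow the interface's current address, so the tunnel IP is not
# hardcoded in the NAT rule.
nat on $vpn_if inet from $vlan_net to any -> ($vpn_if)

# Step 3 of the post: no IPv6 from this VLAN.
block in quick on $vlan_if inet6 all

# Traffic addressed to the firewall itself (here DNS, if clients use it
# as their resolver) has to match before the policy-routing rule below,
# otherwise it would be pushed into the tunnel as well.
pass in quick on $vlan_if inet proto { tcp udp } from $vlan_net to ($vlan_if) port 53 keep state

# Policy routing: with "Don't add/remove routes" checked (step 1) the
# system default route stays on WAN, so this rule is the only thing
# that sends traffic into the VPN, and only for the VLAN's sources.
pass in quick on $vlan_if route-to ($vpn_if $vpn_gw) inet from $vlan_net to any keep state

# Leak guard: VLAN-sourced packets must never leave through WAN. This
# matches because no NAT rule translates $vlan_net on $wan_if, so the
# source address is still the VLAN subnet when the rule is evaluated.
block out quick on $wan_if inet from $vlan_net to any
```

A second VLAN on its own OpenVPN client, as in the later update, would repeat the NAT, pass and block rules with a second set of macros.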

 
Title: Re: SOLVED: Only Route VLAN over OpenVPN
Post by: cmccallu on July 16, 2020, 12:50:12 am
Small update I now have it working with 2 VLANs with each setup to a different OpenVPN client connection!