Hi,
My opnsense has:
LAN: 192.168.1.1 /24
OPT1WIFI: 10.10.10.1 /24
Devices connecting via Wifi get a DHCP IP address in the 10.10.10.x range and I have a rule on OPT1WIFI that routes all traffic out via my Wireguard PIA VPN. That seems to work fine.
But I'm having an issue allowing a Wifi device access to the LAN: the traffic is sent out via the PIA gateway, not to the local device.
These are the rules I have configured on OPT1WIFI.
(https://i.ibb.co/HhZjZ4P/cdtto3hcgyt61.png) (https://ibb.co/NTRMRCN)
- Block IPv6 mDNS
- Stop wireless clients getting to OPT2
- Any wifi client can access the LAN printer
- Specific wireless devices don't use the VPN
- Block anything that isn't in the AllowedList from the LAN
- Set the default gateway.
These rules are copied from a working pfSense, which I'm trying to move away from.
The wireless devices I've tried are in the AllowedList, but a traceroute from them shows the traffic is being sent via the WAN_PIAWG gateway, not to the local LAN device.
How do I only allow the 'AllowedList' access to the LAN?
What I'm trying to achieve is set all wifi devices to use the VPN, except a chosen few.
Thanks
Quote from: TomT on April 19, 2021, 10:01:14 PM
Anyone any ideas on this?
Make rule 5 a "pass" rule and do not negate "AllowedList".
Otherwise all clients in "AllowedList" will run into rule 6 and get WAN_PIAGW_IPv4 as gateway for all outbound traffic, which by your description seems to be what is actually happening :)
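To make the first-match behaviour the reply describes concrete, here is a small added simulation (not code from the thread or from OPNsense) of how pf-style "quick" rules pick a gateway. It models only rules 3, 5 and 6 from the list above. The subnets come from the post; the AllowedList members, the printer address 192.168.1.20 and the gateway label WAN_PIAWG are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample data modelled on the thread (assumptions, not from the post):
LAN = ipaddress.ip_network("192.168.1.0/24")
WIFI = ipaddress.ip_network("10.10.10.0/24")
ALLOWED_LIST = {ipaddress.ip_address("10.10.10.50"),
                ipaddress.ip_address("10.10.10.51")}   # the 'AllowedList' alias
LAN_PRINTER = ipaddress.ip_address("192.168.1.20")     # assumed printer address
VPN_GW = "WAN_PIAWG"                                   # assumed gateway label


@dataclass
class Rule:
    name: str
    action: str                     # "pass" or "block"
    src: object = None              # ip_network, set of addresses, or None = any
    dst: object = None
    negate_src: bool = False        # the "invert" (!) checkbox on the source
    gateway: Optional[str] = None   # policy-routing gateway; None = system routing table


def _selected(selector, addr) -> bool:
    """None matches anything; otherwise membership in a network or an alias set."""
    return selector is None or addr in selector


def evaluate(rules, src, dst):
    """Evaluate rules first-match (quick), as the OPNSense GUI rules behave.
    Returns (rule name, outcome): 'blocked', the policy gateway, or the
    default routing table when a pass rule sets no gateway."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        src_ok = _selected(r.src, src)
        if r.negate_src:
            src_ok = not src_ok
        if src_ok and _selected(r.dst, dst):
            if r.action == "block":
                return (r.name, "blocked")
            return (r.name, r.gateway or "default routing (local)")
    return ("implicit default deny", "blocked")


# The rule set as originally posted: rule 5 is a block with the source negated.
RULES_BEFORE = [
    Rule("any wifi client to LAN printer", "pass", src=WIFI, dst={LAN_PRINTER}),
    Rule("non-AllowedList to LAN", "block", src=ALLOWED_LIST, dst=LAN, negate_src=True),
    Rule("default gateway", "pass", gateway=VPN_GW),
]

# The rule set after the fix suggested in the reply: rule 5 is a plain pass
# for AllowedList -> LAN with no gateway, so matching clients stop there.
RULES_AFTER = [
    Rule("any wifi client to LAN printer", "pass", src=WIFI, dst={LAN_PRINTER}),
    Rule("AllowedList to LAN", "pass", src=ALLOWED_LIST, dst=LAN),
    Rule("default gateway", "pass", gateway=VPN_GW),
]


if __name__ == "__main__":
    for label, rules in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        for client in ("10.10.10.50", "10.10.10.99"):
            print(label, client, "-> 192.168.1.10:", evaluate(rules, client, "192.168.1.10"))
```

With RULES_BEFORE an AllowedList client never matches the negated block rule, falls through to rule 6 and is policy-routed to the VPN gateway, which is exactly the traceroute result in the question. With RULES_AFTER it matches the pass rule first and is routed by the system routing table, i.e. locally. Note that in the simulated "after" set a client outside AllowedList that targets the LAN is not blocked but policy-routed to the VPN; if you want that case denied explicitly rather than relying on the tunnel not reaching the LAN, add a block rule for destination LAN between the AllowedList pass rule and the gateway rule.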
Thanks for the help.
All working now :)