Hi all,
I've tried to add an Android Gateway to my OPNsense setup through the use of a Raspberry Pi and an Android phone working in USB tethering. This gateway is going to be connected when needed. I'm not going to use it in a Multi-WAN environment, just using it through policy routing. It's working nicely but I have found some "anomalies", probably because I didn't follow the steps in a correct order...
I've assigned my re1 interface as OPT1 and I've configured it:
IPv4 address -> 192.168.42.214/24
IPv4 Upstream Gateway -> Auto-detect
Then I've configured the gateway as follows:
Name       Interface  Protocol  Priority  Gateway         Monitor IP
ANDROIDGW  OPT1       IPv4      255       192.168.42.129  8.8.4.4
Then I've added a rule to accept traffic for DNS from LAN:
Protocol  Source  Port  Destination    Port      Gateway
TCP/UDP   *       *     This Firewall  53 (DNS)
Followed by policy routing rule for the Android Gateway:
Protocol  Source    Port  Destination  Port  Gateway
any       IP_My_PC  *     *            *     ANDROIDGW
I thought that, with OPT1 being connected to a gateway, OPNsense would have added a rule for it in the Outbound NAT, but it's not like this. The only rule for Outbound NAT is for the WAN:
WAN LAN networks, Loopback networks, OPT1 networks, 127.0.0.0/8, 10.10.0.0/24
And the OPT1 interface is there, as if OPNsense treated it as an internal interface. So I switched Firewall:NAT:Outbound mode to Hybrid and added a rule for NAT on OPT1 and it just worked.
I've also tried to set up the OPT1 interface "IPv4 Upstream Gateway" as "ANDROID GW 192.168.42.129" (instead of Auto-detect) but that does not change things.
So I'm here to ask: is there a way to tell OPNsense that OPT1 is not an internal interface and it should not be listed as a source in the WAN Outbound NAT rule? Is there a way to add an automatic Outbound NAT rule for an interface connected to a gateway?
Sorry for the long post and many thanks in advance for your time.
Cheers, Sven
I think that problem has something to do with this:
https://forum.opnsense.org/index.php?topic=10183.0
I followed the suggestion proposed by franco (I had already done this):
https://github.com/opnsense/core/issues/2914#issuecomment-439904741
but it does not change things.
Versions:
OPNsense 21.1.5-amd64
FreeBSD 12.1-RELEASE-p16-HBSD
OpenSSL 1.1.1k 25 Mar 2021
Cheers, Sven