OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: Matzke on June 23, 2021, 08:53:27 PM

Title: NordVPN tunnel
Post by: Matzke on June 23, 2021, 08:53:27 PM
Dear all,

I have created an OpenVPN-Client-Connection to NordVPN as an anonymizer.

I also have a guest-Net (VLAN) and want to force all guest participants through this VPN tunnel so that my external IP is hidden.

All other clients (internal net...) should use the default gateway (or default gateway group).

How can I set this up because I don't have a gateway-entry for my NordVPN tunnel so I can't choose it in my firewall rule as a gateway for specific traffic or participants?

Thanks a lot.
Title: Re: NordVPN tunnel
Post by: Matzke on June 23, 2021, 08:57:19 PM
BTW: I just deleted all my OpenVPN Interface assignments due to https://forum.opnsense.org/index.php?topic=23460.0

So I can't set up a gateway.

Before deleting it - I had a gateway and could redirect traffic through the tunnel - but I had the problem stated in the link above (shared forwarding and OpenVPN).
Title: Re: NordVPN tunnel
Post by: Matzke on June 24, 2021, 09:53:27 PM
Dear mimugmail,

I just wanted to ask - what is the right setup for OpenVPN?

In a lot of manuals I can find that I have to assign the ovpnc1 (or another number) as a separate interface. After that I can configure gateways and policy based routing for NordVPN.

In my topic "Shared Forwarding various failures using it" you mentioned that I should not assign OpenVPN interfaces.

Could you please clarify what is the right way? When should I assign an interface and when should I assign no interface?
What is the difference - what happens to OPNsense when I assign an interface or not???
Title: Re: NordVPN tunnel
Post by: KeyHand on June 25, 2021, 01:41:52 PM
You can achieve selective routing over an OpenVPN connection by following the relevant sections in these two guides:

Creating an OpenVPN client connection ('VPN: OpenVPN: Clients') will automatically create IPv4 and IPv6 gateways ('System: Gateways: Single').  The same is not true for WireGuard interfaces, hence the guide covering manual gateway creation.

Assigning the OpenVPN interface (`ovpnc1` or similar) to a new OPNsense system interface (steps 6 and 7 in the NordVPN guide) is required for selective routing to work.
Title: Re: NordVPN tunnel
Post by: Matzke on July 04, 2021, 08:30:10 PM
... thanks a lot, but this doesn't answer my question.

I already read the manual. It works perfectly when doing so.

My question is - when should I assign an interface to an OpenVPN instance and when not? In my "sister" thread I got problems occurring after interface assignment. As soon as I deleted the assignment, one of my problems disappeared.

On the other hand - without an assignment I can't use the tunnel as a gateway.