Dear all,
I have created an OpenVPN-Client-Connection to NordVPN as an anonymizer.
I also have a guest-Net (VLAN) and want to force all guest participants through this VPN tunnel so that my external IP is hidden.
All other clients (internal net...) should use the default gateway (or default gateway group).
How can I set this up because I don't have a gateway-entry for my NordVPN tunnel so I can't choose it in my firewall rule as a gateway for specific traffic or participants?
Thanks a lot.
BTW: I just deleted all my OpenVPN Interface assignments due to https://forum.opnsense.org/index.php?topic=23460.0
So I can't setup an gateway.
Before deleting it - I had a gateway and could redirect traffic through the tunnel - but I had the Problem stated in the link above (shared forwarding and OpenVPN)
Dear mimugmail,
I just wanted to ask - what is the right setup for OpenVPN?
In a lot of manuals I can find that I have to assign tho ovpnc1 (or another number) as a separate interface. After that I can configure gateways and policy based routing for NordVPN.
In my topic "Shared Forwarding various failures using it" you mentioned, that I should not assing OpenVPN Interfaces.
Could you please clarify what is the right way. When should I assign a interface and when I should assign no interface?
What is the difference - what happens to opnsense when I assign an interface or not???
You can achieve selective routing over an OpenVPN connection by following the relevant sections in these two guides:
- OPNsense 19.1 setup with NordVPN (https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-19-1-setup-with-NordVPN.htm)
- WireGuard Selective Routing to External VPN Provider (https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html)
Creating an OpenVPN client connection ('VPN: OpenVPN: Clients') will automatically create IPv4 and IPv6 gateways ('System: Gateways: Single'). The same is not true for WireGuard interfaces, hence the guide covering manual gateway creation.
Assigning the OpenVPN interface (`
ovpnc1` or similar) to new OPNsense system interface (steps 6 and 7 in the NordVPN guide) is required for selective routing to work.
... thanks a lot, but this doesn't answer my question.
I already read the manual. It works perfectly when doing so.
My question is - when should I assign an interface to an OpenVPN instance and when not. In my "sister"-thread I got problems occuring after interface-assignment. As soon as deleting the assignment one of my problems dissappeared.
On the other hand - without an assignment I can't use the tunnel as a gateway.