I have a VLAN and a VPN and these are working.
However, I have entered some rules to limit VPN use and one doesn't seem to work, but I can't figure out why.
Aliases:
- Home1_TechDevices: Technicians' PCs
- Home1_WorkingDevices: Devices accessible to users in the VLAN
- Home1_NoVPN: PC whose traffic must not pass through the VPN, but through the WAN
- Private_Networks: Networks as per RFC 1918
The sequence of rules should be:
- The technicians do what they want
- All users access devices in the VLAN
- All users invoke Captive Control
- All users who do not belong to the NoVPN group go into the VPN (excluding Private Networks)
- All remaining users of the VLAN access the OPNsense DNS
- All remaining users of the VLAN cannot access other networks
- All remaining users of the VLAN cannot access the firewall
- All remaining users of the VLAN cannot access the Private Networks (rule disabled because redundant)
- All remaining users of the VLAN access the Internet via the WAN.
Captive Portal login is never required and rule number 3 (in red) never appears in the log.
There is obviously something blocking it, but I can't figure out what.