OPNsense Forum

Hello, i need your help with this

Why cant I get this simple routing settings to work?

192.168.1.0   Network.
192.168.1.20 Gateway inside Network

When someone on network 192.168.1.0 use a software that uses  10.0.0.0 addresses I want it to be routed to the gateway 192.168.1.20

I Created a gateway inside gateway settings 192.168.1.20 which is memeber of 192.168.1.0 network
I setup static route inside OPNsense routing settings 10.0.0.0 to gateway 192.168.1.20

Since WAN_Gateway is active the traffic get routed to WAN and not to the gateway which is 192.168.1.20.
If i set the gateway 192.168.1.20 as active the route works perfectly but the internet connection drops.

the prio dosnt seem to work because it will always choose WAN_Gateway. what am i doing wrong? I followed the traffic.

Someone can help me on this? or atleast "This is how i would do it"
Why is it picking the WAN gateway since static routing telling it to not

Do your firewall rules  on LAN have an explicit gateway set? This is not necessary unless you run multi WAN.

Thank you for answering!

In my first post i wrote 192.168.1.0 as LAN, i removed it from the post now
It is actually a separate vlan network  = 192.168.1.0

On the LAN fw i allow everything in
On the 192.168.1.0 network fw, I allow everything in
So default gateway settings

Please provide a diagram of your network.

Its actually very basic a vlan 10 with network 192.168.1.0.
Clients inside this network when the click on a app that uses 10.0.0.0 traffic should be strict routed to ip 192.168.1.20.
I created a gateway and a static route as described.

I have tested to create a rule in network 192.168.1.0 fw.
source: 10.0.0.0 network and choose the 192.168.1.20 gateway and put it on top, but it didnt work.

The problem is that the static route isnt applied unless its choosen as active gateway,

Example

1. (Active) 192.168.1.20_Gateway ( now the routing is working but not internet)
2. WAN_DHCP gateway

if we do

1. (Active) WAN_DHCP gateway( now the internet is working but not the static route )
2. 192.168.1.20_Gateway

Quote from: frudda on June 30, 2024, 01:29:29 PM
Its actually very basic a vlan 10 with network 192.168.1.0.
Clients inside this network when the click on a app that uses 10.0.0.0 traffic should be strict routed to ip 192.168.1.20.
I created a gateway and a static route as described.

I do not understand the sentence marked in bold, sorry. A diagram would probably help.

+---------------------+   
|                            |       
|   Computer          | 
|   (192.168.1.0/24)  |
|                            |
+---------------------+       
        |
        |                             
        v 
   +----------------------------------+
   |                                          |
   |   Client Software               |
   |   (10.0.0.0/24)                   |
   |                                          |
   +----------------------------------+
        |                              ^
        |                               |
        v                              |
   +----------------------------------+
   |                                          |
   |   Server Behind Gateway |
   |   (10.0.0.0/24)                  |
   |   (Connected via 192.168.1.20) |
   |                                          |
   +----------------------------------+

I can do a static route in windows easy 10.0.0.0 255.255.255.0 192.168.1.20 and it works.
But in opnsense its not working.

Again, this does not make much sense. Where is OPNsense? How can "client software" be part of a network. Please draw involved devices only and their addresses and the topology.

Will this help?

How can i route 10.0.0.0 adresses to IP 192.168.1.20

---------------------+
|                        |
|      LAN            |
|   192.168.2.1   |
|                         |
+---------------------+
        |
        | VLAN 10
        |
+---------------------+
|                           |
|    NETWORK     |
|  192.168.1.0/24  |
|  (VLAN 10)         |
|                           |
+---------------------+
        |
        | 192.168.1.1
        |
+---------------------+
|                           |
|     GATEWAY     |
|                           |
+---------------------+
        |
        | DHCP
        |
+---------------------+
|                     |
|       WAN           |
|                     |
+---------------------+

Im going to try out this tomorrow

"Certainly! When you configure policy-based routing to direct traffic from the 192.168.1.0 network to the 192.168.1.20 gateway, the connected users will still have internet access. Here's how it works:"

Policy-Based Routing (PBR):
PBR allows you to selectively route traffic based on specific criteria (such as source IP address, protocol, or port).
By creating a firewall rule that matches traffic from the 192.168.1.0 network, you can specify the 192.168.1.20 gateway as the preferred route for that traffic.
Other traffic (not matching the rule) will continue to use the default gateway (usually the WAN gateway), ensuring internet connectivity.
In summary, PBR lets you control routing for specific traffic while maintaining overall internet access for connected users.

Im so glad that i resolved this issue.

I turned the WAN_Gateway back as active. With prio 1.
192.168.1.20 gateway with prio 3.

In routing i had to change routing (all) 10.0.0.0 to (specific) 10.3.1.0 which is the whole network

So in route settings now 10.3.1.0 192.168.1.20 (Gateway)

Why this soulution works i dont know.