Hello,
I am new to OPNsense and I recently started playing with it to see what its possibilities are...
The software runs on a mini-pc with 2 NICs (a LAN port and WAN port).
My goal is to configure the router in such a way that it routes LAN traffic to:
1. a VPN connection
or
2. to the WAN (direct)
depending on the IP address of the device in the LAN.
First of all I'd like to know if that's possible, because until now I can't get it to work like that....
The documentation of OPNsense is rather rudimentary for beginners like me, so I am kind of stuck here....
My setup:
LAN IP mini pc : static (10.0.0.1/8), DHCP server is enabled
WAN IP mini pc: DHCP (192.168.1.13)
Also configured is an OPT1 interface (VPN client connection)
The WAN port is connected to the DSL modem (IP=192.168.1.254)
The LAN port is connected to my laptop (IP=10.0.0.100)
I have been playing with these settings:
In [Firewall -> Rules] I have defined two rules in LAN:
IPv4 TCP/UDP * * * 53 (DNS) * 'DNS'
IPv4 * * * 10.0.0.100/8 * WAN_DHCP 'LAN to WAN'
IPv4 * * * 10.0.0.101/8 * OPT1_VPNV4 'LAN to VPN'
In [Firewall -> NAT -> Outbound] I have defined two entries:
OPT1 any * * * OPT1 address * NO
WAN any * * * WAN address * NO
I am not sure if I am in the right direction....
Any ideas on how I could get this to work?
Thanks!
After several days of experimenting, I think I finally got it figured out (it appears to be working now :) )....
For those that are interested, I explain what I have changed....
It appears that if you want to specify a specific IP address for routing, you need to use a mask of <255.255.255.255> (/32).
In Firewall --> Rules:
IPv4 * 10.0.0.100 * * * OPT1_VPNV4 Allow LAN to VPN
IPv4 * 10.0.0.99 * * * WAN_DHCP Allow LAN to WAN
These 2 rules do the 'magic' here:
- Traffic from LAN device with IP=10.0.0.99 is routed to VPN,
- Traffic from LAN device with IP=10.0.0.100 is routed to WAN (direct)
One thing I noticed is that the 2 IP addresses are shown without the '/xx' (this is due to the /32 setting, I guess)
Grtz
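
The /32 point from the follow-up post, worked through as an added example that is not part of the original thread: a host address written with a /8 mask covers the whole 10.0.0.0/8 network, so the first rule catches every LAN device and the second rule is never reached. The sketch assumes first-match rule evaluation and models the address as the rule's source; `pick_gateway` and `shadowed_rules` are hypothetical helper names, and the rule sets are constructed from the values in the posts.

```python
import ipaddress

def pick_gateway(rules, src_ip):
    """Return the gateway of the first rule whose network contains src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for source, gateway in rules:
        # strict=False reduces a host address plus mask to its network,
        # e.g. 10.0.0.100/8 becomes 10.0.0.0/8
        if addr in ipaddress.ip_network(source, strict=False):
            return gateway
    return None  # no rule matched (assumed default: traffic is not passed)

def shadowed_rules(rules):
    """Return indexes of rules that can never match because an earlier
    rule already covers their entire network."""
    nets = [ipaddress.ip_network(src, strict=False) for src, _ in rules]
    hidden = []
    for i, net in enumerate(nets):
        if any(net.subnet_of(earlier) for earlier in nets[:i]):
            hidden.append(i)
    return hidden

# Constructed rule sets: (source, gateway), gateway names as used in the thread
RULES_SLASH8 = [("10.0.0.100/8", "WAN_DHCP"), ("10.0.0.101/8", "OPT1_VPNV4")]
RULES_SLASH32 = [("10.0.0.100/32", "OPT1_VPNV4"), ("10.0.0.99/32", "WAN_DHCP")]

def report(rules, hosts):
    """Map each host to the gateway its traffic would be sent to."""
    return {host: pick_gateway(rules, host) for host in hosts}

if __name__ == "__main__":
    hosts = ["10.0.0.99", "10.0.0.100", "10.0.0.101", "10.0.0.50"]
    for name, rules in (("/8", RULES_SLASH8), ("/32", RULES_SLASH32)):
        print(name, "rules:", report(rules, hosts))
        print(name, "shadowed rule indexes:", shadowed_rules(rules))
```

With the /32 rules, a LAN device that has no rule of its own (10.0.0.50 here) matches nothing, so any other devices on the LAN need their own rule.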