OPNsense Forum

English Forums => General Discussion => Topic started by: intrepid2007 on February 10, 2017, 02:24:47 PM

Title: Another attempt: DNS issues in multi VPN setup
Post by: intrepid2007 on February 10, 2017, 02:24:47 PM
Hi there,

Another approach/attempt to get this working correctly...

What I want, is the following:

LAN clients in the 192.168.0.10 - 192.168.0.19 range must connect to OpenVPN client expressvpn
LAN clients in the 192.168.0.20 - 192.168.0.29 range must connect to OpenVPN client ipvanish #1
LAN clients in the 192.168.0.30 - 192.168.0.39 range must connect to OpenVPN client ipvanish #2

Each VPN must use its own manually configured DNS server for resolving names...


For example:
When a client with IP 192.168.0.32 connects to the internet, it must use the ipvanish #2 gateway.
Both the DNS resolving and the data transfer should be handled by this gateway.

I am new to OPNsense and I have tried various scenarios. Unfortunately I still can't get it to work correctly.
Is what I want possible with OPNsense?

When using my configuration, it appears to 'mix' the gateways and DNS servers (DNS resolve via expressvpn, data exchange via ipvanish).



My setup is as follows:
OPNsense version 16.7 (with the latest updates installed)

LAN Interface : IP range = 192.68.0.x
OPNsense IP   : 192.168.0.254
WAN           : static, IP = 192.168.1.199 (upstream gateway set to DSL modem IP 192.168.1.254)

And I have configured 3 VPN clients (1x expressvpn, 2x ipvanish), which appear to be working fine.


Config in OPNsense is as follows:

- In System, Settings, General:
Prefer IPv4 over IPv6 = checked
Gateway switching = unchecked

DNS servers:
DNS server = 8.8.8.8 / gateway = WAN

Allow DNS server list to be overridden by DHCP/PPP on WAN=checked
Do not use the DNS Forwarder/Resolver as a DNS server for the firewall=checked

- In Firewall -> Rules I have the following rules in the LAN section:

rule 1: Anti-Lockout Rule

rule 2: DNS
interface=lan
protocol=tcp/ip
source/invert= unchecked
source=any
destination=any
destination port range = dns - dns
gateway=default

rule 3: expressvpn
interface=lan
tcp/ip version=ipv4
Protocol=any
Source / Invert=unchecked
Source=expressvpn (the alias with ip addresses)
Destination=any
Destination port range=any
Gateway=opt_expressvpn_vpnv4

rule 4 and rule 5: ipvanish#1 / ipvanish#2
same as the expressvpn rule, only the gateway is different

The DNS Resolver service is enabled (using default settings, all checkboxes unchecked).

OPNsense's DHCP server issues specific IP addresses based upon the MAC address of the client's NIC.

Does anyone have ideas to point me in the right direction?
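As an added illustration (not code from the post or from OPNsense), the following walks the LAN rule table described above in first-match order, which is how OPNsense evaluates its default "quick" rules, and reports which gateway a given source IP and destination port end up on. It models only rule matching, not how the resolver on the firewall itself forwards queries; the ipvanish gateway names and the alias contents are assumed from the post's description.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed model of the post's LAN rule table. OPNsense evaluates
# rules top-down and the first match wins, which is what this assumes.

@dataclass
class Rule:
    name: str
    src: Optional[List[ipaddress.IPv4Network]]  # None means "any"
    dst_port: Optional[int]                      # None means "any"
    gateway: str

def alias(first: int, last: int) -> List[ipaddress.IPv4Network]:
    """Alias covering 192.168.0.<first> .. 192.168.0.<last> (assumed contents)."""
    return [ipaddress.ip_network(f"192.168.0.{h}/32") for h in range(first, last + 1)]

LAN_RULES = [
    Rule("DNS", None, 53, "default"),                                # rule 2 in the post
    Rule("expressvpn", alias(10, 19), None, "opt_expressvpn_vpnv4"),  # rule 3
    Rule("ipvanish#1", alias(20, 29), None, "opt_ipvanish1_vpnv4"),   # rule 4, gateway name assumed
    Rule("ipvanish#2", alias(30, 39), None, "opt_ipvanish2_vpnv4"),   # rule 5, gateway name assumed
]

def select_gateway(src_ip: str, dst_port: int, rules=LAN_RULES) -> Optional[Tuple[str, str]]:
    """Return (rule name, gateway) of the first rule matching this flow, or None."""
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.src is not None and not any(src in net for net in r.src):
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        return r.name, r.gateway
    return None  # no LAN rule matched (anti-lockout rule not modelled)

def reorder_dns_last(rules=LAN_RULES) -> List[Rule]:
    """Same table with the port-53 rule evaluated after the per-VPN rules, for comparison."""
    return [r for r in rules if r.name != "DNS"] + [r for r in rules if r.name == "DNS"]

if __name__ == "__main__":
    for port in (53, 443):
        print(f"192.168.0.32:{port} as posted   ->", select_gateway("192.168.0.32", port))
        print(f"192.168.0.32:{port} DNS last    ->", select_gateway("192.168.0.32", port, reorder_dns_last()))
```

With the table as posted, port 53 traffic from any LAN client hits the DNS rule and its default gateway before the per-VPN rules are ever consulted, while the same client's other traffic takes its VPN gateway.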