Hi,
I am trying to set up a single OpnSense instance to serve as a default gateway with multiple upstream VPNs, where the upstream VPN that gets used for forwarding client traffic is selected based on which ip address the client used for a gateway.
So, for example, assume my opnsense instance has address 10.0.0.10/24 and ip alias 10.0.0.20/24 on its LAN interface. If a LAN client used 10.0.0.10 as its gateway, I would like to forward this traffic through VPN A. But if a client used 10.0.0.20 as the gateway, then I want to forward that traffic through VPN B.
Is this possible? I know how to do it with multiple interfaces in the opnsense, but I can't figure out how to accomplish this on a single interface/subnet.
Client-selected forwarding? The gateway used by the client is simply translated to a MAC address (assuming an 802.1-compatible medium, such as Ethernet or Wi-Fi), so there is nothing for the firewall to match. The only relatively transparent client-selectable packet element (other than source IP address) I can spot offhand that can be matched by pf is priority/DSCP. Other folks may have different/better ideas.