OPNsense Forum

English Forums => General Discussion => Topic started by: ressurex on November 12, 2018, 08:27:29 pm

Title: Torguard VPN issue
Post by: ressurex on November 12, 2018, 08:27:29 pm
Hi all.

The short story is that I'm trying to create my own how-to based on the Torguard VPN service.

It's a load-balanced 4-connection setup based on merged Torguard/pfSense manuals. I thought, why not do a complete Torguard how-to, test it out and share it.

Currently I have a working, online 4-VPN gateway group, with 30 servers in each connection, all chosen randomly on every boot (reboot every night using cron).

(https://i.imgur.com/akEskKE.jpg)

But then the next part of the manual, doing the firewall rules, I just can't get to work...
I use the German https://dns.watch/ as forced DNS, but that should be a problem.

The following setup is what I need to do next, but it's not working...
Any comments?


----------------

Create Firewall Rules
In this section, we are going to create a floating firewall rule to Reject any LAN outbound packets that are tagged as NO_WAN_OUTBOUND and then we are going to create a LAN rule that will tag all traffic as NO_WAN_OUTBOUND as well as use the OpenVPNGatewayGroup we created in the section above as the default gateway for that traffic. Using this method, we are going to ensure that ALL LAN traffic will ONLY go through the OpenVPN connections.
1.   Navigate to Firewall --> Rules and ensure the Floating tab is selected. (Figure 15).
2.   Click the Add button with the down arrow on the bottom of the page to add a rule to the end of the list (Figure 16).
3.   You will be re-directed to the Edit firewall Rule page.
4.   In the Action field ensure Reject is selected.
5.   In the Interface field ensure the WAN interface is selected.
6.   In the Direction field ensure out is selected.
7.   In the Address Family ensure IPv4 is selected.
8.   In the Protocol field ensure Any is selected (Figure 17).
9.   In the Log field, check the Log packets that are handled by this rule.
10.   In the Description field, enter the following description: Reject Packets tagged with NO_WAN_OUTBOUND.
11.   In the Advanced Options field, click Display Advanced button (Figure 18).
12.   Clicking the Advanced Options button from the previous step will display the Advanced Options section.
13.   In the set local tag field, enter the following: NO_WAN_OUTBOUND (Figure 19). Ensure you make a note of the NO_WAN_OUTBOUND tag because we are going to be using it in the LAN rule we are going to be creating next.
14.   Click the Save button at the bottom of the page.
15.   You will be re-directed back to the Floating rules tab page.
16.   Click on the Apply Changes button on the top of the page to apply the changes (Figure 20).
17.   Next click on the LAN tab (Figure 21).
18.   Click the Add button with the down arrow on the bottom of the page to add a rule to the end of the list (Figure 22).
19.   You will be re-directed to the Edit firewall Rule page.
20.   In the Action field ensure Pass is selected.
21.   In the Disabled field ensure Disable this rule is Unchecked.
22.   In the Interface field ensure the LAN interface is selected.
23.   In the Address Family ensure IPv4 is selected.
24.   In the Protocol field ensure Any is selected (Figure 23).
25.   Under the Source section, in the Source field, ensure LAN net is selected.
26.   Under the Destination section, in the Destination field, ensure any is selected.
27.   Under the Extra Options section, in the Log field, ensure Log packets that are handled by this rule is checked.
28.   Under the Extra Options section, in the Description field, enter a description for this rule (Ex: Allow LAN to any via VPN Only).
29.   Under the Extra Options section, in the Advanced Options field, click the Display Advanced button (Figure 24).
30.   Clicking the Advanced Options button from the previous step will display the Advanced Options section.
31.   Under the Advanced Options section, in the set local tag field, enter NO_WAN_OUTBOUND (Figure 25).
32.   Under the Advanced Options section, in the Gateway field, ensure the OpenVPNGatewayGroup gateway is selected (Figure 26).
33.   Click the Save button at the bottom of the page.
34.   You will be re-directed back to the LAN rules tab page.
35.   Click on the Apply Changes button on the top of the page to apply the changes (Figure 27).
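
Added example, not part of the original post or the quoted manual: the two rules the steps above describe, written in pf.conf syntax. Interface names, the LAN subnet and the gateway addresses are constructed placeholders, and `quick` is an assumption of this sketch. In pf, `tag` sets a tag on packets a rule passes and `tagged` matches packets that already carry one.

```conf
# Added illustration in pf.conf syntax; not taken from the quoted manual.
# All names and addresses below are constructed placeholders.
wan_if  = "em0"             # assumed WAN interface
lan_if  = "em1"             # assumed LAN interface
lan_net = "192.168.1.0/24"  # assumed LAN subnet

# Floating rule (steps 1-16): reject any packet leaving on the WAN
# interface that already carries the NO_WAN_OUTBOUND tag.
#   Reject    -> block return
#   Direction -> out
#   Log       -> log
# "tagged" MATCHES a tag that an earlier rule set on the packet.
block return out log quick on $wan_if inet all tagged NO_WAN_OUTBOUND

# LAN rule (steps 17-35): pass LAN traffic, SET the tag on it with "tag",
# and policy-route it to the VPN gateways (the OpenVPNGatewayGroup).
# The (interface gateway) pairs stand in for the group's members; only
# two of the four connections are shown.
pass in log quick on $lan_if \
    route-to { (ovpnc1 10.8.0.1), (ovpnc2 10.9.0.1) } round-robin \
    inet from $lan_net to any \
    tag NO_WAN_OUTBOUND

# Resulting behaviour for a packet from the LAN:
#   1. It enters on $lan_if, matches the pass rule, and is tagged.
#   2. route-to sends it out one of the ovpnc interfaces.
#   3. If it is ever evaluated outbound on $wan_if instead (for example
#      because the VPN gateways are down and routing falls back), the
#      block rule matches the tag and rejects it.
```

`pfctl -nf <file>` parses a ruleset file without loading it, and `pfctl -sr` lists the rules currently loaded.
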
Title: Re: Torguard VPN issue
Post by: ressurex on December 08, 2018, 05:07:00 pm
anyone ?? :(