OPNsense Forum

English Forums => 19.7 Production Series => Topic started by: Hover on April 02, 2019, 09:15:56 pm

Title: Second gateway on the same interface with a different IP and own routing
Post by: Hover on April 02, 2019, 09:15:56 pm
Hey OPNsense forum,

I’m pretty new here and new to OPNsense and pf as a packet filter. I’m running a PC-Engines APU2 board for my OPNsense setup.
It divides my home office LAN from my private LAN like this:

https://pastebin.com/RYJbjsP0

I configured the OPNsense box to do NAT for my private and for Office LAN. I also installed WireGuard on OPNsense so the box can act as a VPN endpoint.

What I want to do is to set up a second gateway on the OPNsense (10.0.2.254) on the LAN interface and a gateway (10.0.0.254) on the OpenWRT box so the clients can decide if they want to tunnel all their traffic via WireGuard by using the 0.254 gateway or direct internet connection on the 0.1 gateway.

Under Linux this is easy; add an eth0:x device and give it a different IP address. The rest can be handled using ip / iproute2 to manage that the second gateway uses 10.0.2.254 as gateway and this gateway should tunnel everything through 10.0.1.1 to the internet.

I tried to set things up but ended up somehow breaking (web interface wasn’t starting anymore, could not ping 10.0.2.1 anymore) the configuration of the LAN interface on the OPNsense box, by adding a VLAN to the igb0 interface and giving that VLAN interface a different MAC address.

I’m not sure how to achieve what I want on the OPNsense (HardenedBSD) using the web interface or if there is a problem with my NIC drivers (Intel i210AT), I have to admit.

I’m running the 19.7 version of OPNsense, because I want to run a WireGuard instance.

Can someone here help me fix my problem?

Best regards,
Hover

Title: Re: Second gateway on the same interface with a different IP and own routing
Post by: niziak on April 09, 2019, 10:49:27 am
You can add more IP addresses to the interface using Firewall --> Virtual IPs --> Settings.
Then use rules to create policy-based routing.