OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: revnelson on November 01, 2019, 03:31:54 am

Title: Great Firewall of China, Shadowsocks, and Frustrations
Post by: revnelson on November 01, 2019, 03:31:54 am
I'm currently living in China where OpenVPN services are regularly blocked. I've got a shadowsocks service I can connect to with great results and would like to ultimately have two gateways (?) to the internet--one standard to my ISP, and one that goes out via the shadowsocks connection. I'm pretty new to networking, but keen to learn so I'm hoping someone can give me pointers or at least correct my terminology because I'm honestly not even sure I'm searching for the right things.

Here's a rundown of what I want my network to look like:

ISP Modem -> opnsense -> Unifi Switches -> Wired clients and Wifi APs

I would like to have 4 local networks, one for networking devices, one for IoT things with lots of firewall rules to restrict inter-subnet communication and internet access, one for standard local (Chinese) internet access, and one that goes out of the Shadowsocks connection on port 1080 of the opnsense device.

I'm assuming I need to configure gateways and VLANS for these networks. I'm envisioning the following subnets:

192.168.0.0/24 -- Networking hardware such as opnsense, switches, and APs
192.168.1.0/24 -- All hosts that want direct (local) internet access
192.168.2.0/24 -- All hosts that want uncensored (shadowsocks) internet access
192.168.3.0/24 -- IoT devices that may be allowed to access the internet directly or through shadowsocks

I'd like to have 3 wireless networks to choose from (i.e. "RevNelson - China, RevNelson - Freedom, RevNelson - IoT") that are VLAN tagged to put the client on the correct subnet.

If someone could provide an overview of what it would take to set that up, it would greatly help me search for what I need to learn. Something like "You need to set a gateway with DHCP server for each respective subnet. Firewall NAT rules on WAN Outbound will let you send traffic from specific IoT devices out to the internet." I'm sure that's cringe-worthy to experienced network admins, haha.

If that's too big of an ask, I'm sure with enough poking around I can at least get the subnets set up on my own.

The main thing I need help with is getting all the traffic from any host on the 192.168.2.0/24 subnet to go through the shadowsocks local client without the clients needing to set proxies. This works great with an OpenVPN connection, but as I've said, those are too unreliable in this glorious place.
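For readers following the thread: the reason the 192.168.2.0/24 hosts cannot simply be pointed at port 1080 is that a Shadowsocks local client listens as a SOCKS5 proxy (RFC 1928), and a host with no proxy configured never speaks that protocol; its first bytes on the wire are application data, not a SOCKS greeting. The following is an added example, not code from the original post or from any Shadowsocks project. It assumes the local client on port 1080 is a plain SOCKS5 listener without authentication (the post does not name the client software), builds the exact bytes a proxy-aware client must send, parses the proxy's reply, and shows how a listener can tell a real SOCKS5 greeting from the TLS ClientHello an unconfigured host would send instead. It runs entirely offline on constructed byte strings.

```python
"""
Minimal SOCKS5 (RFC 1928) client-side handshake, bytes only.

Assumption: the Shadowsocks local client on port 1080 is a SOCKS5
listener offering "no authentication". Nothing here touches a socket;
every function builds or parses the bytes of the handshake so the
example runs offline and can be checked against constructed replies.
"""
from __future__ import annotations

import ipaddress
import struct

SOCKS_VERSION = 0x05
NO_AUTH = 0x00
NO_ACCEPTABLE_METHOD = 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

REPLY_CODES = {
    0x00: "succeeded",
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "network unreachable",
    0x04: "host unreachable",
    0x05: "connection refused",
    0x06: "TTL expired",
    0x07: "command not supported",
    0x08: "address type not supported",
}


def greeting() -> bytes:
    """Method-selection message: VER=5, NMETHODS=1, METHODS=[no auth]."""
    return bytes([SOCKS_VERSION, 1, NO_AUTH])


def is_socks5_greeting(data: bytes) -> bool:
    """True if the first bytes a listener receives form a SOCKS5 greeting.

    A host that has no proxy configured sends its application payload
    instead (a TLS ClientHello begins 0x16 0x03), which is why a SOCKS
    listener cannot serve redirected traffic without a redirector that
    speaks SOCKS on the host's behalf (constructed check, not a full parser).
    """
    if len(data) < 3 or data[0] != SOCKS_VERSION:
        return False
    nmethods = data[1]
    return nmethods >= 1 and len(data) == 2 + nmethods


def check_method_choice(reply: bytes) -> None:
    """Server answers VER METHOD; 0xFF means none of the offered methods."""
    if len(reply) != 2 or reply[0] != SOCKS_VERSION:
        raise ValueError(f"bad method reply: {reply!r}")
    if reply[1] == NO_ACCEPTABLE_METHOD:
        raise ValueError("proxy rejected all offered auth methods")
    if reply[1] != NO_AUTH:
        raise ValueError(f"unexpected auth method {reply[1]:#x}")


def encode_address(host: str) -> bytes:
    """ATYP + DST.ADDR; non-literal hosts use the domain form so the proxy resolves them."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        raw = host.encode("idna")
        if len(raw) > 255:
            raise ValueError("domain name too long for SOCKS5")
        return bytes([ATYP_DOMAIN, len(raw)]) + raw
    return bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed


def connect_request(host: str, port: int) -> bytes:
    """CONNECT request: VER CMD RSV ATYP DST.ADDR DST.PORT (port big-endian)."""
    if not 0 < port <= 0xFFFF:
        raise ValueError("port out of range")
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + encode_address(host) + struct.pack("!H", port)


def parse_reply(data: bytes) -> tuple[str, str, int]:
    """Parse VER REP RSV ATYP BND.ADDR BND.PORT into (status, bound_addr, bound_port)."""
    if len(data) < 5 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    status = REPLY_CODES.get(data[1], f"unknown code {data[1]:#x}")
    atyp = data[3]
    if atyp == ATYP_IPV4:
        addr_end = 4 + 4
        addr = str(ipaddress.IPv4Address(data[4:addr_end]))
    elif atyp == ATYP_IPV6:
        addr_end = 4 + 16
        addr = str(ipaddress.IPv6Address(data[4:addr_end]))
    elif atyp == ATYP_DOMAIN:
        addr_end = 5 + data[4]
        addr = data[5:addr_end].decode("idna")
    else:
        raise ValueError(f"unknown ATYP {atyp:#x}")
    if len(data) < addr_end + 2:
        raise ValueError("truncated reply")
    (bound_port,) = struct.unpack("!H", data[addr_end:addr_end + 2])
    return status, addr, bound_port


if __name__ == "__main__":
    # Constructed exchange: what a proxy-aware client sends for example.com:443
    # and a reply a local listener on 127.0.0.1:1080 might return.
    print(greeting().hex(), connect_request("example.com", 443).hex())
    print(parse_reply(b"\x05\x00\x00\x01\x7f\x00\x00\x01\x04\x38"))
```

The practical consequence for the design in the post: the gateway itself has to perform this handshake for the 192.168.2.0/24 hosts. That means either a transparent redirector on the OPNsense box that accepts redirected TCP and speaks SOCKS5 (or the Shadowsocks wire protocol) upstream, or a tun-style adapter that presents the proxy as a routable interface the firewall can use as a gateway; a plain policy route pointing at port 1080 will only deliver raw application bytes that the listener rejects.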
Title: Re: Great Firewall of China, Shadowsocks, and Frustrations
Post by: mimugmail on November 01, 2019, 07:09:03 am
Just follow the multi wan howto. Then you get an idea how everything works. After this search for PIA vpn in the howto section on this forums, there you will learn the rest :)
Title: Re: Great Firewall of China, Shadowsocks, and Frustrations
Post by: revnelson on November 08, 2019, 02:19:29 pm
Thank you for taking the time to reply! I looked into the Multi WAN how-to, and it seemed like a load-balancing/failover type thing that wasn't what I was looking for. As for the VPN guides, VPN traffic is quickly shut down here and I don't have any VPN provider or server because of this. The good news is I got all my local subnets and intranet traffic working well! I did manage to set up a shadowsocksr client on the opnsense box that seems to be working via the opnsense box shell. I've started a new topic in general discussion as I still don't know where to look to get traffic from an Alias to go to that client. If you have the time and might be able to help me out again, please take a look:

https://forum.opnsense.org/index.php?topic=14927.0