OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: lebidochon on November 19, 2020, 09:09:45 pm

Title: [SOLVED] Openvpn : Redirect Gateway
Post by: lebidochon on November 19, 2020, 09:09:45 pm
Good evening,

I am a former IPCop, then IPFire user, and now run OPNsense 20.7.4-amd64.

I configured OPNsense ... a pleasure ... everything works perfectly.

Problem:
I have configured an OpenVPN server with clients ... it's OK, everything is working perfectly.

My remote users can access my servers (SAMBA) and they can access the internet via OPNsense.

What I'm trying to configure is that my users access the servers via OpenVPN ... but that their internet browsing is done through their ISPs and not from OPNsense while keeping their VPN connections open.

I therefore deactivate / activate Redirect Gateway on the OpenVPN server ... but their gateway is still that of OPNsense.

Is there a special config to do what I want?

Thanks in advance.

PS: Sorry for my English ... I am French.
Title: Re: Openvpn : Redirect Gateway
Post by: lfirewall1243 on November 19, 2020, 09:14:23 pm
Disable redirect gateway. (You need to change it on the client side as well - re-export the client config).

What is your tunnel network, and what is the local network configured in the VPN server config?
Title: Re: Openvpn : Redirect Gateway
Post by: lebidochon on November 19, 2020, 09:39:05 pm
I deactivated Redirect Gateway and restarted the server, re-exported a client and installed it on his workstation. His public internet IP is that of OPNsense and not his.

IPv4 Tunnel Network: 192.168.240.0/24

LAN: 192.168.250.0/24
Title: Re: Openvpn : Redirect Gateway
Post by: lfirewall1243 on November 19, 2020, 09:43:43 pm
What does a tracert on the client say to 8.8.8.8 or so?
Does it go over the VPN?
Title: Re: Openvpn : Redirect Gateway
Post by: lebidochon on November 19, 2020, 09:54:51 pm
Saut   Nom d'hôte   Adresse IP   Temps 1
1   192.168.240.1   192.168.240.1   60.983
1   192.168.240.1   192.168.240.1   55.860
2   192.168.50.254   192.168.50.254   94.286 ... WAN (ISP) OPNsense
3   194.149.169.53   194.149.169.53   50.739
6   be2151.agr21.par04.atlas.cogentco.com   154.54.61.34   354.005
7   tata.par04.atlas.cogentco.com   130.117.15.70   126.481
Title: Re: Openvpn : Redirect Gateway
Post by: lebidochon on November 20, 2020, 08:08:51 pm
By activating / deactivating Redirect Gateway, the (remote) user pc always goes through opnsense… to surf the internet.

I must not have fully understood the Redirect Gateway feature.

On Opnsense:
WAN (public ip): 82.X.Y.Z
LAN: 192.168.250.0/24 (SAMBA server: 192.168.250.10)
OPENVPN: 192.168.240.0/24 (gateway: 192.168.240.1)

User PC (Windows 10) before VPN connection:
WAN (public IP): 92.Z.Z.Z
LAN: 192.168.43.0/24 (gateway: 192.168.43.1)
Local IP: 192.168.43.10
The pc is browsing the internet with 92.Z.Z.Z as the IP

If Redirect Gateway is checked and IPv4 Local Network is empty: all traffic goes through opnsense.

After connecting to the VPN the user pc becomes:
WAN (public IP): 82.X.Y.Z
LAN: 192.168.240.0/24 (gateway: 192.168.240.1)
Local IP: 192.168.240.5
The pc browses the internet with the IP 82.X.Y.Z and uses the bandwidth of Opnsense.

If Redirect Gateway is not checked and IPv4 Local Network 192.168.250.0/24: only 192.168.250.0/24 goes through opnsense.

After connecting to the VPN the user pc becomes:
WAN (public IP): 92.Z.Z.Z
LAN: 192.168.43.0/24 (gateway: 192.168.43.1)
Local IP: 192.168.43.10
A route 192.168.250.0/24 is added to be able to reach the SAMBA server 192.168.250.10
The pc browses the internet with 92.Z.Z.Z as the IP but does not use the Opnsense bandwidth (except for SAMBA 192.168.250.10).

Where is the error?

Title: Re: Openvpn : Redirect Gateway
Post by: lfirewall1243 on November 20, 2020, 08:12:57 pm
So it's working as expected?


Everything looks fine
Title: Re: Openvpn : Redirect Gateway
Post by: lebidochon on November 20, 2020, 08:31:14 pm
Oops ... no
Openvpn server with Redirect Gateway ticked works fine.
But that's not what I want to do.
I want to uncheck Redirect Gateway so that user PCs use their bandwidth to surf the internet and use opnsense bandwidth only to go to the SAMBA server.

If I uncheck Redirect Gateway… Internet surfing always goes through Opnsense.
Title: Re: Openvpn : Redirect Gateway
Post by: lfirewall1243 on November 20, 2020, 08:40:53 pm
> After connecting to the VPN the user pc becomes:
> WAN (public IP): 92.Z.Z.Z
> LAN: 192.168.43.0/24 (gateway: 192.168.43.1)
> Local IP: 192.168.43.10
> A route 192.168.250.0/24 is added to be able to reach the SAMBA server 192.168.250.10
> The pc browses the internet with 92.Z.Z.Z as the IP but does not use the Opnsense bandwidth (except for SAMBA 192.168.250.10).

That part says that the PC goes to the internet over its own public IP.
Title: Re: Openvpn : Redirect Gateway
Post by: lebidochon on November 20, 2020, 09:05:10 pm
Hi, I made an example to make sure I understood how Redirect Gateway works.
If I follow the example, currently if I uncheck Redirect Gateway (with restart of the server, and export of the client), I have the current config:
WAN (public IP): 82.X.Y.Z
LAN: 192.168.240.0/24 (gateway: 192.168.240.1)
Local IP: 192.168.240.5

which is not good, because the pc is browsing the internet with IP 82.X.Y.Z as the IP and using the Opnsense bandwidth.

What I'm looking to do is:
WAN (public IP): 92.Z.Z.Z
LAN: 192.168.43.0/24 (gateway: 192.168.43.1)
Local IP: 192.168.43.10
A route 192.168.250.0/24 is added to be able to reach the SAMBA server 192.168.250.10
The pc browses the internet with 92.Z.Z.Z as the IP but does not use the Opnsense bandwidth (except for SAMBA 192.168.250.10).

Whether I check or uncheck Redirect Gateway, the user pc config is not what I am looking for.

I have the impression that Redirect Gateway unchecked is not supported ...
Title: Re: Openvpn : Redirect Gateway
Post by: lfirewall1243 on November 20, 2020, 09:09:33 pm
Which VPN software are you using? Have you already tried another client, like a mobile phone or so?
Title: Re: Openvpn : Redirect Gateway
Post by: lebidochon on November 20, 2020, 09:36:37 pm
Tested on PCs with Debian 10 (GNOME) and Windows 10,
with OpenVPN Community (2.4.7).
Title: [SOLVED]Openvpn : Redirect Gateway
Post by: lebidochon on November 21, 2020, 10:45:56 pm
Update OPNsense 20.7.4-amd64 to OPNsense 20.7.5-amd64

The Redirect Gateway option, checked or unchecked, now works normally.

Recap:
Redirect Gateway not checked
My PC users have OPNsense bandwidth for SAMBA, and their own bandwidth for surfing the internet.

Windows 10 PC with OpenVPN Community 2.4.7 ... OK
Linux PC Debian 10 (GNOME) with openvpn 2.4.7-1 ... you must check "only use this connection for resources on this network" in the IPv4 menu ... OK

Info:
On Windows, if an OpenVPN server has the Redirect Gateway option checked and you want to force the use of the internet with the bandwidth of the PC and use the bandwidth on the OpenVPN server for resources ... add "pull-filter ignore redirect-gateway" in the client's xxxx.ovpn file.

Sorry for my English ... I am French.
Thanks for your help.
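
The effect of the "pull-filter ignore redirect-gateway" line described above, as an added example that is not part of the original thread: it applies OpenVPN's documented pull-filter behaviour (prefix match, first matching rule wins, unmatched options accepted) to a pushed option list and reports which destinations end up in the tunnel. The PUSH_REPLY string, the client config fragment and the function names are constructed for illustration from the addresses in this thread; only pushed "route network netmask" entries are modelled.

```python
import ipaddress
import shlex

# Constructed sample: options a server could push with Redirect Gateway ticked,
# built from the addresses in this thread (not a captured log).
PUSH_REPLY = ("PUSH_REPLY,redirect-gateway def1,route 192.168.250.0 255.255.255.0,"
              "route-gateway 192.168.240.1,topology subnet,"
              "ifconfig 192.168.240.5 255.255.255.0")

# Constructed client config fragment containing the line from the post.
CLIENT_CONF = """
client
dev tun
pull-filter ignore redirect-gateway
"""

def pull_filters(conf):
    """Return the (action, prefix) pairs of all pull-filter lines, in file order."""
    rules = []
    for line in conf.splitlines():
        parts = shlex.split(line, comments=True)
        if len(parts) == 3 and parts[0] == "pull-filter":
            rules.append((parts[1], parts[2]))
    return rules

def apply_filters(push_reply, rules):
    """Keep pushed options per pull-filter: prefix match, first matching rule wins."""
    kept = []
    for opt in push_reply.split(",")[1:]:          # skip the PUSH_REPLY token
        action = next((a for a, prefix in rules if opt.startswith(prefix)), "accept")
        if action == "reject":                      # the real client restarts here
            raise ValueError(f"server pushed a rejected option: {opt}")
        if action == "accept":
            kept.append(opt)
    return kept

def via_vpn(dest, options):
    """True if traffic to dest would be routed into the tunnel."""
    if any(o.startswith("redirect-gateway") for o in options):
        return True                                 # full tunnel: default route moved
    ip = ipaddress.ip_address(dest)
    for o in options:
        f = o.split()
        if f[0] == "route" and len(f) >= 3:         # route <network> <netmask>
            if ip in ipaddress.ip_network(f"{f[1]}/{f[2]}"):
                return True
    return False
```

On a live client, the same result shows up in the traceroute: a first hop of 192.168.240.1 for an internet address means the default route still points into the tunnel.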