OPNsense Forum

English Forums => Virtual private networks => Topic started by: whytrigg on November 26, 2020, 05:14:04 pm

Title: VPN talking to select IP's
Post by: whytrigg on November 26, 2020, 05:14:04 pm
Hello Smart People!

I'm in the process of setting up a multi-VPN environment. I ultimately want my native connection running on the 192.168.0.1/24 range, my US VPN running on the 192.168.2.1/24 range and another 2 VPNs running on 192.168.3.1/24 and 192.168.4.1/24 respectively. I'll use tagged VLAN traffic (via ports and SSIDs) to direct traffic down the correct VPN.

The setup is primarily for media if you are wondering.

OK, the bit I need some help with. I have my first (US) VPN up and running great, tagged traffic goes where it needs to go and I have no leaks, so Netflix etc. all works perfectly. However, I have a Plex server running on my native range and the devices on my VPN can't see it.

I would like to identify specific IPs that can talk to devices across all the IP ranges.

For example, something sitting on my US VPN with an IP of 192.168.2.100 can speak to my Plex server on 192.168.1.10, ideally with no leaks.

My interfaces (with just the first VPN set up) look like this:

Interface      Network Port
LAN            emo
VPN_GW_USA     ovpnc3
VPN_Lan        vlan 2 on emo()
WAN            igb0

I've set up 4 firewall rules (which I think is the relevant bit) on VPN_LAN as follows:

Source             Port   Destination        Port   Gateway
VPN_LAN net        *      VPN_Lan address    *      *
VPN_LAN Address    *      VPN_LAN address    *      *
VPN_Lan net        *      *                  *      VPN_GW_VPNV4
VPN_LAN Address    *      *                  *      VPN_GW_VPNV4

Now, how the devil do I make my VPN IP range 192.168.2.* see my Plex server on 192.168.1.10?

I would also reapply this logic to my native-IP cell phone range, so that the cell phones can communicate with the devices, as I sometimes use them as controls, and I might think about letting the voice assistants (Google spies) also talk to the devices on the VPN.

You are all probably wondering how I managed to set this up so far and not able to do this last bit, well, it was trial and error and many days without internet as my gateways and interfaces died with my tinkering touch. With a bit of luck I've ended up here!

I'm just hoping one of you smart people can kick me over the finish line!

Thank you!

David
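The following is an added example, not code from the post or from OPNsense: a small first-match model of how the rules on the VPN_LAN interface are evaluated, used to show why the traffic in the question is being pushed into the tunnel and how ordering decides it. It assumes (none of this is stated in the post) that the native LAN is 192.168.1.0/24, since the Plex server is 192.168.1.10, that the VPN VLAN is 192.168.2.0/24 with the firewall at 192.168.2.1, that rules are "quick" (the OPNsense default), so the first match wins and an unmatched packet is dropped, that a gateway of "*" means the normal routing table, and that Plex listens on its default TCP port 32400. The rule names `PLEX`, `POSTED`, `FIXED` and `WRONG_ORDER` are illustration only.

```python
import ipaddress

# Constructed addressing, assumed for the example (not given in the post).
NETS = {
    "VPN_LAN net": "192.168.2.0/24",
    "VPN_LAN address": "192.168.2.1/32",   # assumed firewall IP on the VLAN
    "PLEX": "192.168.1.10/32",             # Plex server from the post
    "any": "0.0.0.0/0",
}


class Rule:
    """One pass rule as OPNsense shows it: source, destination, port, gateway."""

    def __init__(self, src, dst, dport="*", gateway="*", action="pass"):
        self.src = ipaddress.ip_network(NETS.get(src, src))
        self.dst = ipaddress.ip_network(NETS.get(dst, dst))
        self.dport = dport          # "*" matches any port
        self.gateway = gateway      # "*" = default route, else policy routing
        self.action = action

    def matches(self, src_ip, dst_ip, dport):
        return (ipaddress.ip_address(src_ip) in self.src
                and ipaddress.ip_address(dst_ip) in self.dst
                and (self.dport == "*" or self.dport == dport))


def evaluate(rules, src_ip, dst_ip, dport):
    """First matching rule wins (quick rules); no match means default deny."""
    for r in rules:
        if r.matches(src_ip, dst_ip, dport):
            return r.action, r.gateway
    return "block", None


def shadowed(rules):
    """Indexes of rules that can never match because an earlier, wider rule
    already covers every packet they would match."""
    out = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            if (r.src.subnet_of(e.src) and r.dst.subnet_of(e.dst)
                    and (e.dport == "*" or e.dport == r.dport)):
                out.append(i)
                break
    return out


# The four rules from the post, in the order given.
POSTED = [
    Rule("VPN_LAN net", "VPN_LAN address"),
    Rule("VPN_LAN address", "VPN_LAN address"),
    Rule("VPN_LAN net", "any", gateway="VPN_GW_VPNV4"),
    Rule("VPN_LAN address", "any", gateway="VPN_GW_VPNV4"),
]

# Same rules plus a host-specific pass rule for Plex, gateway left at the
# default route, placed ABOVE the policy-routed catch-all (assumed fix).
FIXED = [
    Rule("VPN_LAN net", "VPN_LAN address"),
    Rule("VPN_LAN address", "VPN_LAN address"),
    Rule("VPN_LAN net", "PLEX", dport=32400),
    Rule("VPN_LAN net", "any", gateway="VPN_GW_VPNV4"),
    Rule("VPN_LAN address", "any", gateway="VPN_GW_VPNV4"),
]

# The same Plex rule placed BELOW the catch-all: it is shadowed and never hit.
WRONG_ORDER = FIXED[:2] + FIXED[3:] + [FIXED[2]]


if __name__ == "__main__":
    flow = ("192.168.2.100", "192.168.1.10", 32400)   # VPN client -> Plex
    for name, rules in (("posted", POSTED), ("fixed", FIXED),
                        ("wrong order", WRONG_ORDER)):
        print(f"{name:12s} plex flow -> {evaluate(rules, *flow)}"
              f"  shadowed rules: {shadowed(rules)}")
    print("fixed       internet  ->", evaluate(FIXED, "192.168.2.100", "8.8.8.8", 443))
```

With the posted rules the Plex flow hits the third rule and is handed to VPN_GW_VPNV4, so it goes into the tunnel instead of to the LAN. With the specific rule above the catch-all the Plex flow uses the default route while everything else from the VLAN still goes through the VPN gateway, which is what keeps the "no leaks" property: the exception is scoped to one host and one port. The `shadowed()` check also flags the two "VPN_LAN Address" rules as redundant in this model, because the interface address is inside "VPN_LAN net" and the wider rule sits above them.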