OPNsense Forum
English Forums => Virtual private networks => Topic started by: MarkH42 on June 24, 2022, 11:25:28 pm
-
Hello,
I have been working on transitioning from a Debian Linux firewall/router to OPNsense. Setup is currently as follows:
WAN : connected to ATT router
LAN : local network
Mull1,Mull2 : Connected to 2 different Mullvad Wireguard servers
ProtonFree : Free ProtonVPN Wireguard
VPN_GRP : Gateway group Mull1 and Mull2 as tier 1 and ProtonFree as tier 2
LocalVPN : Incoming VPN connections from road warrior devices
NAT is set to manual.
Outgoing connections from LAN and LocalVPN gets routed via the VPN_GRP so that is good. However all connections from the OPNsense box goes via the WAN interface including DNS queries resolved by Unbound DNS. I have set up DNS servers in System: Settings: General with one for each Wireguard gateway (I wish I could specify a gateway group) however this seems to be ignored.
Any advice on how to get the OPNsense box to use the VPN_GRP for outgoing connections and only use the WAN interface for setting up the connections to my Wireguard connections?
/Mark
-
Can you set the query source address in Unbound? Try setting it to the LAN address.
I'm running BIND, so just a guess on my part.
-
I guess I should have mentioned that I have configured Unbound DNS to only use the LAN and VPN interfaces. The WAN interface is not listed.
/Mark
-
Maybe you need this floating rule: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html#step-9-configure-routing
-
I have attached my floating rules. The first 2 were an attempt to make rules to route the firewall traffic over the VPN but they do not work right.
The last 2 rules are for the road warrior VPN network. the first routes internet traffic to the gateway group and works. The last was an attempt to route traffic to the LAN but that don't work right either.
The rest are the rules needed to make Wireguard work right.