OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: lotusje on June 07, 2016, 03:23:45 pm

Title: [SOLVED] Stuck with selective routing over openvpn (as client)
Post by: lotusje on June 07, 2016, 03:23:45 pm
Salutations to all.
I have an A10 router with OPNsense, on which I am trying to achieve the following:

1) set the 2 other ports on the router as switch (which apparently worked).
2) configure an OpenVPN connection as client for 5 specific IPs.

At the end of step 2 is where I seem to run into problems.
As a guide for this step I used the excellently written instructions from Peter Wretmo on his blog.
However, in his example he uses multiple subnets, which I don't.

I am trying to have all LAN clients go through the WAN and just have 5 IPs routed via VPN.

After the last step "Route outgoing traffic through the VPN interface" - "Create firewall rules" (in my case, creating the 5 firewall rules for LAN and placing them below the anti-lockout rule), all clients connect through the VPN instead of WAN.
The exact opposite of what I want and expected.
However, they do see local machines, even those connected via the OPT3/switch, so my switch seems to work.

To make matters even stranger, the 5 IPs I made a firewall rule for to go through the VPN don't connect to anything at all except the firewall which here is on
Even other devices connected via the OPT3 switch on the same subnet are not visible.

So the link is up and working, but the issue seems to be with the firewall rules or maybe a routing issue?
How is it that the "default allow LAN to any rule" results in going out over the VPN instead of the default route which in my setup is WAN?
How is it that the 5 exception rules, which have as gateway the VPNV4, don't see anything except for the firewall?
Changing default gateway to VPN and back to WAN makes no difference. No matter what you select, traffic goes out via VPN.

Any help, ideas or input would be greatly appreciated.


Title: Re: Stuck with selective routing over openvpn (as client)
Post by: lotusje on June 07, 2016, 04:26:55 pm
I found the solution on the forum


The solution is in the attached photo of firewall settings at the bottom.

Sorry for not finding it sooner.