OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: DanMc85 on December 30, 2016, 04:05:49 am

Title: OPNSense (Hyper-V) w/Private Internet Access VPN
Post by: DanMc85 on December 30, 2016, 04:05:49 am
I currently am running a new OPNsense setup...

I have a Windows Server 2016 on a computer running Hyper-V with OPNsense installed.

Utilizing 2 NICs... one for WAN (Cable Modem Attached), and one for LAN to my switches in my house with other wired devices utilizing Hyper-V Virtual Switches.

This is working great after I got it all set up today...

The next question is that I have a subscription to PIA (Private Internet Access) VPN.
I would like to route (most) of my traffic through this... with exception to a few devices such as my home security system, Wi-Fi calling cell phones, and a few other things.

I was wondering what would be the easiest way to segment some of the network traffic and use PIA in an OpenVPN Client setup?

Would VLANs be best and route an entire VLAN through the VPN? Or create another virtual interface and static route through the VPN?

I am open to suggestions or if anyone can point me to a guide that has done this sort of setup before...

Thanks!
Title: Re: OPNSense (Hyper-V) w/Private Internet Access VPN
Post by: cake on December 30, 2016, 12:03:12 pm
Hi Dan, I got it (OPNsense) to route an IP on one subnet, and an entire other subnet, to a specific interface (OpenVPN). I don't use PIA but it's still relevant I think.

First step is to get your client up and running. This is my guess on how I did it earlier.
Log into the GUI of OPNsense
VPN-->Clients-->add client
Now you're on your own :-)
You can get a lot of the info in the .ovpn file PIA gives you. They may even have a tutorial for OPNsense or pfSense that you can use.
Do your best and hopefully when you go to VPN--->Connection Status it will be running and show uptime.
I also have checked the box -->"Don't pull routes" on my config.

Second, you will need to add an interface and name it. I called mine OVPNC1 (openvpn client). I set IPv4 Configuration type to none.

Third, add a gateway: System-->Gateways-->Add gateway
I named mine OVPNC1_VPNV4 and also gave it a gateway of 10.8.0.1

Fourth, go to Firewall-->Rules--->LAN2 (tab) - or wherever the device is that you want to selectively route
Here is what mine looks like:
block/allow  Proto  Source         Port  Destination  Port  Gateway      Schedule  Description
Allow        IPv4*  192.168.1.100  *     *            *     OVPNC1_VPN4
Block        IPv4   192.168.1.100  *     *            *     *
(You can do the same for an entire subnet: just go to the proper Interface tab and do similar. Rules get followed in order, so Allow, then Block with gateway * (default) under it.)

You might need to do something with Firewall--->NAT--->Outbound  (not sure)

Hope this helps you a little.
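
The selective-routing setup described in the reply above, written out as the equivalent rules in pf (the packet filter OPNsense is built on). This is an added example, not taken from either poster or from a configuration OPNsense generated. The interface names hn1 and ovpnc1 are assumptions, and the nat line is an assumption about what the Firewall-->NAT-->Outbound step would amount to.

```pf
# Macros. Interface names are hypothetical; check yours under Interfaces-->Assignments.
lan2_if  = "hn1"             # assumed: the LAN2 interface (Hyper-V synthetic NIC)
vpn_if   = "ovpnc1"          # assumed: the OpenVPN client interface (OVPNC1 in the post)
vpn_gw   = "10.8.0.1"        # gateway address given in the post
vpn_host = "192.168.1.100"   # the single host routed through the VPN in the post

# Outbound NAT (assumption): the VPN provider has no route back to the
# private LAN range, so traffic leaving the tunnel is rewritten to the
# tunnel interface's own address.
nat on $vpn_if inet from $vpn_host to any -> ($vpn_if)

# Rule 1 (the "Allow" row): policy routing. Packets from the host that
# arrive on LAN2 are passed and forced out via the VPN gateway instead
# of the default route. "quick" stops evaluation at the first match,
# which is what "rules get followed in order" means in practice.
pass in quick on $lan2_if route-to ($vpn_if $vpn_gw) inet from $vpn_host to any keep state

# Rule 2 (the "Block" row): same source, default gateway. It sits below
# rule 1, so it only applies to traffic from this host that rule 1 did
# not take, and keeps that traffic from leaving by the default route.
block in quick on $lan2_if inet from $vpn_host to any

# For an entire subnet, replace $vpn_host with the network, for example
# a constructed value such as 192.168.2.0/24, in all three rules.
```

On a running OPNsense box these rules come from the GUI settings; the fragment is only for reading the GUI rule order against what the packet filter does with it.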