OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: Gargamel on October 12, 2017, 06:24:24 pm

Title: 2 x OpenVPN Connection, how to nat/use rules?
Post by: Gargamel on October 12, 2017, 06:24:24 pm
Hi.
I have now come so far that I have 2 OpenVPN connections up.
One has a "public IPv4", intended for my servers. And the other is for any day use by unspecified users.

I have set up an alias in which I have specified my computer's IP (10.220.0.1) and computername.localdomain.
In NAT -> Outbound I have created a rule at the top that specifies my alias as source and the public IPv4 connection as interface; the rest is defaults.
Below this rule I have specified any as source and the other OpenVPN connection as interface.

When I look up "my ip" I get the non-public IPv4 IP.

I have tried to create a LAN rule, specifying source = my alias, to use the public IPv4 gateway, and still I get the non-public one.

Where and how should I create rules/NAT to be able to specify which LAN IP goes to which OpenVPN connection?

I wish to make the default always non-public, and specify certain IPs to go through the public one.
Title: Re: 2 x OpenVPN Connection, how to nat/use rules?
Post by: robvh on October 12, 2017, 07:56:00 pm
In your LAN rules, you should write that Source alias1 can go to Dest "any" via Gateway1.
A 2nd rule states that Source alias2 can go to Dest "any" via Gateway2.
If you cannot specify your list of servers as an alias, you could try to add a Block rule that prevents your "private" alias going into the public gateway.
Title: Re: 2 x OpenVPN Connection, how to nat/use rules?
Post by: Gargamel on October 12, 2017, 08:03:42 pm
Quote from: robvh on October 12, 2017, 07:56:00 pm
In your LAN rules, you should write that Source alias1 can go to Dest "any" via Gateway1.
A 2nd rule states that Source alias2 can go to Dest "any" via Gateway2.
If you cannot specify your list of servers as an alias, you could try to add a Block rule that prevents your "private" alias going into the public gateway.

1) Should I have some NAT settings for the OpenVPN connection?
2) Either the connection dies, because I try to use the OpenVPN client in the gateway.
3) If I change the rule to use WAN_DHCP, it's still dead.
4) If I change the rule to default, it works, but then goes on WAN and not OpenVPN.
Title: Re: 2 x OpenVPN Connection, how to nat/use rules?
Post by: Gargamel on October 13, 2017, 10:52:14 am
Can anyone explain why I get locked out from the network when I add this LAN rule?
IPv4 *   Stefan     *   *   *   OVPNPUBLICIPV4_VPNV4   

Stefan = 10.220.0.1, Gargamel, Gargamel.localdomain
OVPNPUBLICV4_VPNV4 = current online vpn connection/gateway

Also, internet dies for this host: cannot even ping the firewall 10.220.0.254, cannot "dig" or ping the outside world with this pass rule.