OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: qiwi on April 08, 2018, 10:44:06 pm
-
I recently switched from pfSense to OPNsense, and I must say that I am really happy with it so far. However, there is one feature I cannot get to work. On my old router I set up an OpenVPN client to let the traffic from my server (single IP) pass through a VPN service from Private Internet Access. I tried setting this up in OPNsense, but when I enable the VPN client, internet for my whole network fails. I am really scratching my head as to why this is.
I did the following steps:
1) Set up the VPN through the guide provided at: https://helpdesk.privateinternetaccess.com/hc/en-us/articles/115005760606-Setting-up-a-Router-running-pfSense-Firmware
I have the idea that this is working, because the Status page at OpenVPN shows the following:
(https://www.degoudengans.nl/opnsense/vpn_status.png)
2) Assigned an interface
I assigned an interface for the VPN client called "PIA_OPNVPN", mapped to ovpnc1. Afterwards I checked "Enable interface" and left the other settings at their defaults.
3) Created an alias for my server containing my server's IP address, with the alias name "Home_Server"
4) Configure Outbound NAT
I set outbound NAT to manual and set up the following rules:
(https://www.degoudengans.nl/opnsense/nat_rules.png)
After this configuration, when I start the OpenVPN Client my whole internet stops working. Disabling the client brings internet up again.
Can someone please help me get this to work? Thank you!
-
I'm not an expert, but I think you got NAT wrong. The NAT address should be the interface address; you are pointing it to the alias "home server".
-
I'm trying to make sure I understand your use case and what your goal is.
Are you trying to mask your whole internal network through PIA?
I have TorGuard set up and just use a basic rule to route one host out. It's been working well for me and wasn't that bad to set up.
I followed a pretty similar process: I set up the VPN client and validated that it connected. I set up an interface and mapped it to ovpnc1.
I can see my VPN DHCP address set up in my Gateways, and I just made that ping 8.8.8.8 to make sure it's working.
I set up manual outbound NAT similar to what you did as well.
My LAN Rule looks like:
https://imgur.com/sySZkpE
It routes a specific server first out through my TorGuard. I use that service specifically as I want to be able to port forward back via my VPN, so that's why I've decided on that provider.
-
Thanks guys for your help! I was somehow sleeping. I adjusted the NAT settings as Dimi3 suggested and also added LAN rules as Animosity022 stated. Now everything works as expected.
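-
The two fixes from this thread, written out in pf syntax as an added illustration (not taken from any post and not OPNsense's generated ruleset). ovpnc1 and Home_Server come from the posts; the WAN/LAN interface names, the server address and the VPN gateway address are constructed values.

```pf
# --- Constructed values (assumptions, not from the thread) ---
wan_if = "em0"        # WAN interface
lan_if = "em1"        # LAN interface
vpn_if = "ovpnc1"     # OpenVPN client device, assigned as PIA_OPNVPN in the thread
vpn_gw = "10.8.0.1"   # gateway address on the VPN side (placeholder)

# Alias "Home_Server": the single host that should leave via the VPN
table <Home_Server> { 192.168.1.50 }

# --- Outbound NAT (manual mode) ---
# Mistake pointed out in the thread: the translation target was the
# Home_Server alias. The target must be the address of the interface
# the packet leaves on.
nat on $vpn_if inet from <Home_Server> to any -> ($vpn_if:0)

# In manual mode nothing is generated automatically, so the rest of the
# LAN still needs its own rule on WAN.
nat on $wan_if inet from $lan_if:network to any -> ($wan_if:0)

# --- LAN rules ---
# Policy-route only the server through the VPN gateway. "quick" makes
# this rule win before the general LAN rule below is evaluated.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet \
    from <Home_Server> to any keep state

# Every other LAN host follows the normal routing table (default gateway).
pass in quick on $lan_if inet from $lan_if:network to any keep state
```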