OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: Flo_77 on August 28, 2018, 03:43:39 pm
-
Hello everyone,
I'm new in OPNsense but I used for a long time Pfsense, so this environment is quite familiar for me :)
While upgrading my setup, i'm stuck in something very weird... as the title says, I cannot define any specific gateway in rules. When I do that, I have no any outgoing trafic towards internet.
Only "default" gateway is working.
My alternate gateway is an OpenVPN client (the client has no problem).
I've got a trick, by changing the default gateway as my VPN gateway.
But with that configuration, if I want to revert to the "normal" gateway on other interface, such as a guest network for example, then I'm not gonna have any trafic flow, unless I let the default gateway which is my VPN (as I've changed it)...
Quite frustrating :(
Am I the only person who has this problem?
Thanks :)
-
Well, this problem seems to happen only on LAN interface. I tried on other interfaces, I can choose properly which gateway I want to use! 3 hours lost... :(
I suspect the anti-lockout default rule interfering on gateway-based rules below.
The temporary solution to avoid this behavior :
- Assign another NIC to a LAN2, with different subnet.
- On LAN2, add a rule on top of the list, to allow everything from LAN2 net to the firewall. Important!
- Copy somewhere an eventual static DHCP leases for LAN interface.
- Disable the LAN interface, delete it, and rename LAN2 into LAN
- Define again the right IP subnet for LAN (192.168.1.0/24 for me)
- Re-type every static DHCP leases you've stored before.
This way, there is no Anti-Lockout rule anymore and you'll be able to select the right ougoing gateway...
Hope it'll help
-
I'm not sure I'm following. I have multiple interfaces and use an OpenVPN server and client and have no problems with the default gateway not working.
Can you post your rule screenshots and what you want to happen and we can probably help out?
-
I'm not sure I'm following. I have multiple interfaces and use an OpenVPN server and client and have no problems with the default gateway not working.
Can you post your rule screenshots and what you want to happen and we can probably help out?
Thanks for your answer.
The issue is when I set something else than the default gateway, on the last rule of the LAN interface to allow outgoing trafic. There is no trafic.
Besides, I made the correct configuration in Outbound, to allow 192.168.1.0/24 at the VPN interface.
This problem seems just to happen for the LAN interface. So I found a workaround to avoid this issue, by deleting the LAN interface after adding another interface to use as the LAN.
In attachments, the simple rule that I use on every interface to select which gateway to use. Doesn't work on LAN.
I think this is related with the anti-lockout rule, because this rule is created only for LAN, and this is the only interface which has this issue.
-
If you turn on logging for the rules, you should be able to see if it is hitting the wrong rule.
I left my anti lockout rule and had a few rules to route a specific IP through the VPN and the rest out the gateway.
Imgur looks to be down atm so I'll share some screenshots once it comes back to life of what my rules were.
I also didn't use the aliases, but just have the right networks listed.