OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: cbb09 on September 12, 2018, 04:35:08 am

Title: separate VLAN for VPN
Post by: cbb09 on September 12, 2018, 04:35:08 am
Hello,

I have the following setup working quite well:

VLAN 10 traffic is using default gateway
VLAN 20 traffic is going over VPN gateway (OpenVPN client interface)

What doesn't appear to work is to have one VLAN 20 traffic rule to ANY with VPN gateway. External traffic via the VPN interface works fine, but LAN traffic doesn't get through as soon as I use a non-default gateway.

So, right now I have two rules for VLAN 20:
1. from VLAN 20 to local subnets via default gateway
2. from VLAN 20 to ANY via VPN gateway

For all local traffic, the first rule applies, and for non-local traffic, rule 2 sends it out via the correct gateway.

Now, I don't understand why local traffic gets blocked if I just have a simple VLAN 20 to ANY rule with VPN gateway. Something must change if the gateway is not the default one.

Any thoughts?

Thanks!
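The two-rule layout above can be checked with a small first-match simulation. This is an added example, not code from the thread or from OPNsense; the VLAN subnets and gateway names are assumed, and it models only the ordered "quick" pass-rule evaluation with a policy-routing gateway attached to each rule.

```python
import ipaddress

# Constructed subnets (assumed, not stated in the thread).
VLAN10 = ipaddress.ip_network("192.168.10.0/24")
VLAN20 = ipaddress.ip_network("192.168.20.0/24")
LOCAL_SUBNETS = [VLAN10, VLAN20]


def rule(src, dst, gateway):
    """A pass rule. src/dst are lists of networks or 'any'; gateway is the
    gateway the rule pins matching traffic to ('default' or a named one)."""
    return {"src": src, "dst": dst, "gateway": gateway}


def matches(nets, addr):
    return nets == "any" or any(addr in n for n in nets)


def route(rules, src_ip, dst_ip):
    """First-match evaluation: the first rule whose src/dst match decides the
    gateway for the flow. Returns the gateway name, or None when no pass rule
    matches (default deny)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if matches(r["src"], src) and matches(r["dst"], dst):
            return r["gateway"]
    return None


# The single-rule layout from the first post: everything from VLAN 20 is
# pinned to the VPN gateway, including traffic for VLAN 10.
SINGLE_RULE = [rule([VLAN20], "any", "VPN_GW")]

# The working two-rule layout: local subnets via default gateway first,
# then ANY via the VPN gateway.
TWO_RULES = [
    rule([VLAN20], LOCAL_SUBNETS, "default"),
    rule([VLAN20], "any", "VPN_GW"),
]

# Same two rules in the wrong order: the ANY rule matches first and the
# local rule is never reached.
REVERSED = list(reversed(TWO_RULES))

if __name__ == "__main__":
    for name, rules in [("single", SINGLE_RULE), ("two", TWO_RULES), ("reversed", REVERSED)]:
        print(name, route(rules, "192.168.20.5", "192.168.10.7"), route(rules, "192.168.20.5", "203.0.113.9"))
```

Local traffic only reaches the default gateway when the local-subnets rule sits above the ANY rule; in the other two layouts it is pinned to the VPN gateway.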
Title: Re: separate VLAN for VPN
Post by: mimugmail on September 12, 2018, 06:24:34 am
As soon as a second gateway comes into play you have to check the firewall logs on all gateways since the traffic flows not only in one direction.
Title: Re: separate VLAN for VPN
Post by: cbb09 on September 13, 2018, 06:04:39 pm
Thanks - I will have a look at the logs...