Topics - revnelson

#1
I had an IoT VLAN interface that I have since replaced with a different interface. The initial interface has been removed. As you can see in the image, the interface column is empty for those entries on the Services>DHCPv4>Leases table. They don't show up at the bottom of the IoT DHCP Server page. I created a new interface on the same VLAN with the same DHCP settings as the initial interface and they still didn't show up on the DHCP Server page.

Is there a file I can edit through the CLI to remove these manually? They weren't listed in var/dhcpd/var/db/dhcpd.leases* and clearing those and restarting didn't help either.
#2
I have a ShadowsocksR client running on my opnsense box. From the shell, I can see that it's working:

root@OPNsense:~ # curl --socks5 localhost:1080 ip.sb
101.202.101.222
root@OPNsense:~ # curl ip.sb
202.44.22.103

I've changed the IPs, but they are what is expected.

So I know this service is working and ready to receive SOCKS5 traffic.

How can I send the traffic from an Alias (group of networks) to this service? I don't know if this is a gateway, tunnel, proxy, etc.

Googling forever has pointed me down roads that speak of Dante, Redsocks, and all manner of other things.

To be clear, I don't need to send this traffic out via SOCKS5 anywhere. I already have a service configured and waiting for SOCKS5 traffic. I just need to bundle all that traffic together and make sure the response goes back to the right client when it returns.

I don't mind needing to use the CLI to set another service up, but I would need some help with what I should be looking for. Also, I would need some help with firewall rules and NAT rules to make sure the traffic on an Alias that would otherwise go out the main gateway is redirected to 127.0.0.1:1080 as SOCKS5 traffic.
#3
I've narrowed my ask down and moved it to General Discussion as I'm not sure it belongs here.

https://forum.opnsense.org/index.php?topic=14927.0
#4
I'm currently living in China where OpenVPN services are regularly blocked. I've got a shadowsocks service I can connect to with great results and would like to ultimately have two gateways (?) to the internet--one standard to my ISP, and one that goes out via the shadowsocks connection. I'm pretty new to networking, but keen to learn so I'm hoping someone can give me pointers or at least correct my terminology because I'm honestly not even sure I'm searching for the right things.

Here's a rundown of what I want my network to look like:

ISP Modem -> opnsense -> Unifi Switches -> Wired clients and Wifi APs

I would like to have 4 local networks: one for networking devices, one for IoT things with lots of firewall rules to restrict inter-subnet communication and internet access, one for standard local (Chinese) internet access, and one that goes out of the Shadowsocks connection on port 1080 of the opnsense device.

I'm assuming I need to configure gateways and VLANs for these networks. I'm envisioning the following subnets:

192.168.0.0/24 -- Networking hardware such as opnsense, switches, and APs
192.168.1.0/24 -- All hosts that want direct (local) internet access
192.168.2.0/24 -- All hosts that want uncensored (shadowsocks) internet access
192.168.3.0/24 -- IoT devices that may be allowed to access the internet directly or through shadowsocks

I'd like to have 3 wireless networks to choose from (i.e. "RevNelson - China, RevNelson - Freedom, RevNelson - IoT") that are VLAN tagged to put the client on the correct subnet.

If someone could provide an overview of what it would take to set that up, it would greatly help me search for what I need to learn. Something like "You need to set a gateway with DHCP server for each respective subnet. Firewall NAT rules on WAN Outbound will let you send traffic from specific IoT devices out to the internet." I'm sure that's cringe-worthy to experienced network admins, haha.

If that's too big of an ask, I'm sure with enough poking around I can at least get the subnets set up on my own.

The main thing I need help with is getting all the traffic from any host on the 192.168.2.0/24 subnet to go through the shadowsocks local client without the clients needing to set proxies. This works great with an OpenVPN connection, but as I've said, those are too unreliable in this glorious place.