Messages - revnelson

#1
Thank you for your reply!

Unfortunately there didn't seem to be any such file at /etc/config.xml as I got this returned:
cat: /etc/config.xml: No such file or directory

However, downloading the configuration, editing those parts out, and restoring from that edited configuration seems to have worked. I got an error from OPNsense on restore, but after rebooting those entries are gone from the Services>DHCPv4>Leases page.
#2
I had an IoT VLAN interface that I have since replaced with a different interface. The initial interface has been removed. As you can see in the image, the interface column is empty for those entries on the Services>DHCPv4>Leases table. They don't show up at the bottom of the IOT DHCP Server page. I created a new interface on the same VLAN with the same DHCP settings as the initial interface and they still didn't show up on the DHCP Server page.

Is there a file I can edit through the CLI to remove these manually? They weren't listed in var/dhcpd/var/db/dhcpd.leases* and clearing those and restarting didn't help either.
#3
Thank you for taking the time to reply! I looked into the Multi WAN how-to, and it seemed like a load-balancing/failover type thing that wasn't what I was looking for. As for the VPN guides, VPN traffic is quickly shut down here and I don't have any VPN provider or server because of this. The good news is I got all my local subnets and intranet traffic working well! I did manage to set up a shadowsocksr client on the opnsense box that seems to be working via the opnsense box shell. I've started a new topic in general discussion as I still don't know where to look to get traffic from an Alias to go to that client. If you have the time and might be able to help me out again, please take a look:

https://forum.opnsense.org/index.php?topic=14927.0
#4
I have a ShadowsocksR client running on my opnsense box. From the shell, I can see that it's working:

root@OPNsense:~ # curl --socks5 localhost:1080 ip.sb
101.202.101.222
root@OPNsense:~ # curl ip.sb
202.44.22.103


I've changed the IPs, but they are what is expected.

So I know this service is working and ready to receive SOCKS5 traffic.

How can I send the traffic from an Alias (group of networks) to this service? I don't know if this is a gateway, tunnel, proxy, etc.

Googling forever has pointed me down roads that speak of Dante, Redsocks, and all manner of other things.

To be clear, I don't need to send this traffic out via SOCKS5 anywhere. I already have a service configured and waiting for SOCKS5 traffic. I just need to bundle all that traffic together and make sure the response goes back to the right client when it returns.

I don't mind needing to use the CLI to set another service up, but I would need some help with what I should be looking for. Also, I would need some help with firewall rules and NAT rules to make sure the traffic on an Alias that would otherwise go out the main gateway is redirected to 127.0.0.1:1080 as SOCKS5 traffic.
#5
I've narrowed my ask down and moved it to General Discussion as I'm not sure it belongs here.

https://forum.opnsense.org/index.php?topic=14927.0
#6
I'm currently living in China where OpenVPN services are regularly blocked. I've got a shadowsocks service I can connect to with great results and would like to ultimately have two gateways (?) to the internet--one standard to my ISP, and one that goes out via the shadowsocks connection. I'm pretty new to networking, but keen to learn so I'm hoping someone can give me pointers or at least correct my terminology because I'm honestly not even sure I'm searching for the right things.

Here's a rundown of what I want my network to look like:

ISP Modem -> opnsense -> Unifi Switches -> Wired clients and Wifi APs

I would like to have 4 local networks, one for networking devices, one for IoT things with lots of firewall rules to restrict inter-subnet communication and internet access, one for standard local (Chinese) internet access, and one that goes out of the Shadowsocks connection on port 1080 of the opnsense device.

I'm assuming I need to configure gateways and VLANs for these networks. I'm envisioning the following subnets:

192.168.0.0/24 -- Networking hardware such as opnsense, switches, and APs
192.168.1.0/24 -- All hosts that want direct (local) internet access
192.168.2.0/24 -- All hosts that want uncensored (shadowsocks) internet access
192.168.3.0/24 -- IoT devices that may be allowed to access the internet directly or through shadowsocks

I'd like to have 3 wireless networks to choose from (i.e. "RevNelson - China, RevNelson - Freedom, RevNelson - IoT") that are VLAN tagged to put the client on the correct subnet.

If someone could provide an overview of what it would take to set that up, it would greatly help me search for what I need to learn. Something like "You need to set a gateway with DHCP server for each respective subnet. Firewall NAT rules on WAN Outbound will let you send traffic from specific IoT devices out to the internet." I'm sure that's cringe-worthy to experienced network admins, haha.

If that's too big of an ask, I'm sure with enough poking around I can at least get the subnets set up on my own.

The main thing I need help with is getting all the traffic from any host on the 192.168.2.0/24 subnet to go through the shadowsocks local client without the clients needing to set proxies. This works great with an OpenVPN connection, but as I've said, those are too unreliable in this glorious place.
#7
I'm looking for this same thing. Could anyone shed some light on this? I specifically chose OPNsense over pfsense for the shadowsocks plugin but can't seem to get traffic routed correctly.