Messages - WonderFrank

#1
I trust this is something that no one has seen before?
#2
I tried switching to sloppy state, on the assumption that the data was asymmetric, and it made no difference.
I've checked ntopng and I can see all the traffic coming from the host is going on port 1080.
#3
Hi all
I have a host in my network, we'll call it 192.168.0.5. On my OPNsense firewall I have 2 gateways: one is my modem (default) and the 2nd is an OpenVPN connection elsewhere.

What I want is for all traffic from 192.168.0.5 on port 1080 to go over my default gateway, and all other traffic to go over the VPN. This would mean that traffic going to a SOCKS proxy (1080) would go straight out of the network, whereas traffic going elsewhere would go over the VPN.

I have 3 rules to try and achieve that:
Rule 1:
Direction: In
Protocol: IPv4 TCP/UDP
Source: 192.168.0.5
Source port: *
Destination: *
Destination Port: 1080
Gateway: WAN_DHCP

Rule 2:
Direction: In
Protocol: IPv4 *
Source: 192.168.0.5
Source Port: *
Destination: *
Destination Port: *
Gateway: VPN

I have a 3rd rule that blocks any traffic from that host that doesn't go over the VPN (this works fine).

The trouble is that this only works for a few moments. Initially SOCKS traffic is routed straight out the network but after 5 min of connection all traffic goes back over the VPN. The only way to fix that is to reset the states and then it works again for 5 min or so and then back to normal.

Any ideas?
#4
Quote from: marjohn56 on May 14, 2020, 04:36:32 PM
Change the management port in System: Settings: Administration and disable re-direct, see if that works.

This worked, however it's not how I'd like to solve the problem. It did point me in the right direction though: the reason the 443 requests were going to the OPNsense page was because of the anti-lockout rules. With a slight adjustment there I've got it working.
Thank you for pointing me in the right direction
#5
I have a port forwarding rule set up to forward 443 and 80 to an address within my network. When I access https://home.mywebsite.com from outside my network the traffic gets sent to the host within my network without any issue.

However, when I go to the same address from within my network (which resolves to the correct external IP address from within the network) I am presented with the OPNsense login page. That is, OPNsense responds to the 443 request rather than passing it on to the address within my network.

When using my old ISP's router this was not an issue; it worked the way I would want it to. However, I suspect OPNsense is a little more specific and requires a little more setup.

What am i missing?

#6
Quote from: hbc on May 02, 2020, 11:48:13 AM
Does your DHCP provide your local domain as domain search suffix?
What happens if you retry your dnslookup with FQDN?

ATM it looks like without domain directly the root servers are queried.

Yes it does. I get the same results when using the FQDN
#7
I'll give this a crack.
The DS doesn't know all my local entries, that's correct; that is why the primary DNS server is the OPNsense box, and the OPNsense should then pass it on to my DS; from there the DS can pass it on to 1.1.1.1.
I'll let you know how I get on :)
#8
Does anyone have any ideas here? To get around this issue I've set the DHCP server to give the secondary DNS server as 192.168.0.61, however this isn't ideal. The ideal approach for me would be for OPNsense to be the DNS server and then pass on requests to 192.168.0.61, which then passes them to 1.1.1.1.
#9
Hi All

I use OPNsense as a DHCP and DNS server. Clients in my network have the DNS server set as the OPNsense address as primary (192.168.0.1).
The OPNsense settings (System->Settings->General) have the DNS server set as my other local DNS server (192.168.0.61).

The OPNsense system has my local domain defined. When I ping hosts assigned by the OPNsense DHCP server (DHCPv4) the host is resolved without issue. When I try to ping a host where the A record is kept on 192.168.0.61 it does not resolve.

I have done a DNS lookup on the OPNsense system; one such host is WinSrv. The results are screenshotted here: https://postimg.cc/fkL1Sv9L

Ultimately I need names that don't resolve on the OPNsense Unbound DNS server to be forwarded to 192.168.0.62, as this is the DNS server of my Domain Controller. If the address doesn't resolve here it will be forwarded out to 1.1.1.1 - or whatever DNS server I pick.

Where am i going wrong?
#10
I've answered my own question!
You need to select the below

#11
Hi All

I have an OpenVPN client set up on my OPNsense box which I route traffic from one host through; the rest of the traffic from other hosts takes the normal way out. The issue I have is that if the VPN goes down for whatever reason the OPNsense box will route the traffic through the usual gateway until the VPN is restored. I do not want this.

Current LAN rules


The current rules are above. I was of the belief that they would be matched on a first come, first served basis: once the VPN is down it would try the next rule, which would block it. What I guess happens is that the OPNsense firewall tries the VPN, sees it's down and then sends it to the default gateway rather than getting to the next rule.

Does anyone have any ideas on how I can get the result I'm looking for?
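Added editor's example (not from the thread and not OPNsense's own code): a small Python model of how the LAN rules described in posts #3 and #11 are evaluated. OPNsense rules are first-match ("quick"), so a pass rule that matches everything from the host is reached before any block rule below it. The `skip_when_gateway_down` flag models the OPNsense option "Skip rules when gateway is down" (Firewall: Settings: Advanced): without it, a policy-routing rule whose gateway is down is kept but loses its gateway, so matching traffic follows the default route (the leak described in #11); with it, the rule is omitted and evaluation falls through to the block rule. The rule names, the catch-all `lan-default` rule for the other hosts and the sample packets are constructed for the example; state tracking is not modelled, so this says nothing about the 5-minute symptom in #3.

```python
# Added example: first-match model of the LAN ruleset from posts #3 and #11.
# Rule names, the "lan-default" catch-all and the sample packets are assumptions
# made for this example; gateway names and the host address are the poster's.
from dataclasses import dataclass
from typing import Optional, Tuple

HOST = "192.168.0.5"        # the host whose traffic is policy-routed
DEFAULT_GW = "WAN_DHCP"     # the modem, OPNsense's default gateway


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None   # None for protocols without ports


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "pass" or "block"
    src: str = "*"                 # "*" = any source address
    proto: str = "*"               # "*" or a "/"-separated list such as "tcp/udp"
    dport: Optional[int] = None    # None = any destination port
    gateway: Optional[str] = None  # policy-routing gateway (pass rules only)

    def matches(self, pkt: Packet) -> bool:
        if self.src != "*" and self.src != pkt.src:
            return False
        if self.proto != "*" and pkt.proto not in self.proto.split("/"):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


# Rules 1-3 from post #3 in order, plus an assumed default LAN allow rule so
# that other hosts "take the normal way out" as post #11 describes.
LAN_RULES = (
    Rule("socks-direct", "pass", src=HOST, proto="tcp/udp", dport=1080, gateway="WAN_DHCP"),
    Rule("all-via-vpn", "pass", src=HOST, proto="*", gateway="VPN"),
    Rule("block-non-vpn", "block", src=HOST),
    Rule("lan-default", "pass"),
)


def decide(pkt: Packet, rules=LAN_RULES, gateways_up=frozenset({"WAN_DHCP", "VPN"}),
           skip_when_gateway_down: bool = False) -> Tuple[str, Optional[str]]:
    """Evaluate rules top to bottom; the first matching rule decides.

    gateways_up is the set of gateways the gateway monitor currently marks up.
    A pass rule whose gateway is down is either kept without its gateway (the
    default: traffic follows the default route) or, when skip_when_gateway_down
    is set, left out entirely so the next rule is evaluated.
    Returns ("pass", gateway) or ("block", None). No match = default deny.
    """
    for rule in rules:
        gw_down = rule.gateway is not None and rule.gateway not in gateways_up
        if gw_down and skip_when_gateway_down:
            continue                       # rule omitted, fall through
        if not rule.matches(pkt):
            continue
        if rule.action == "block":
            return ("block", None)
        if rule.gateway is None or gw_down:
            return ("pass", DEFAULT_GW)    # no usable gateway: default route
        return ("pass", rule.gateway)
    return ("block", None)                 # implicit default deny at the end


if __name__ == "__main__":
    socks = Packet(HOST, "203.0.113.10", "tcp", 1080)   # constructed sample traffic
    web = Packet(HOST, "203.0.113.10", "tcp", 443)
    scenarios = (
        ("VPN up", {"WAN_DHCP", "VPN"}, False),
        ("VPN down, rule kept", {"WAN_DHCP"}, False),
        ("VPN down, rule skipped", {"WAN_DHCP"}, True),
    )
    for label, up, skip in scenarios:
        print(f"{label:24} socks -> {decide(socks, gateways_up=up, skip_when_gateway_down=skip)}"
              f"  web -> {decide(web, gateways_up=up, skip_when_gateway_down=skip)}")
```

Running the script prints the three scenarios: with the VPN up, port 1080 leaves via WAN_DHCP and everything else via VPN; with the VPN down and the rule kept, the web traffic also leaves via WAN_DHCP, which is the fallback the poster does not want; with the rule skipped, the `all-via-vpn` rule disappears and the `block-non-vpn` rule is finally reached.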