1
Virtual private networks / Re: Trying to force certain hosts to use VPN when visiting certain URL
« on: March 23, 2021, 12:24:01 am »
I added VPN_Required URLs list alias to outbound NAT rule, and still having same issue.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Virtual private networks / Trying to force certain hosts to use VPN when visiting certain URL
« on: March 21, 2021, 11:14:59 pm »
Hi All,
I've successfully setup my OPNSense with Mullvad VPN per this Wiki article-
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
If I force all traffic not destined for local LAN it work great.
Now I'm trying to configure such that only a subset of hosts on my LAN will use VPN when visiting a given list of URLs.
I used aliases for both, list of host that should use VPN, as well as list of URLs.
I already posted the question in this thread https://forum.opnsense.org/index.php?topic=21205.msg104373#msg104373
But could not find a solution , so it was recommended I repost here instead.
I've successfully setup my OPNSense with Mullvad VPN per this Wiki article-
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
If I force all traffic not destined for local LAN it work great.
Now I'm trying to configure such that only a subset of hosts on my LAN will use VPN when visiting a given list of URLs.
I used aliases for both, list of host that should use VPN, as well as list of URLs.
I already posted the question in this thread https://forum.opnsense.org/index.php?topic=21205.msg104373#msg104373
But could not find a solution , so it was recommended I repost here instead.
3
Tutorials and FAQs / Re: TUTORIAL: Set up WireGuard for limited local hosts to use external VPN provider
« on: March 18, 2021, 09:50:31 pm »
BUMP
4
Tutorials and FAQs / Re: TUTORIAL: Set up WireGuard for limited local hosts to use external VPN provider
« on: March 14, 2021, 03:51:43 pm »
Here is screenshot
5
Tutorials and FAQs / Re: TUTORIAL: Set up WireGuard for limited local hosts to use external VPN provider
« on: March 13, 2021, 10:57:32 pm »
Yes, pTables does have IP resolved for FQDN I had set
6
Tutorials and FAQs / Re: TUTORIAL: Set up WireGuard for limited local hosts to use external VPN provider
« on: March 13, 2021, 06:25:20 pm »
Oh then if they're simple websites, this is very doable.
Have you made sure your SitesToVPn rule is above your rule that allows traffic to the internet?
Also you need to make sure the Outbound NAT rule is there.
Yes, I've made sure SitesToVpn rule is the first (top) rule for my LAN interface.
And I also had created my Outbound NAT rule per OP instructions.
Everything works fine when I use !RFC, but when I swap that out with alias of websites I'm trying to use (and undo the Inverse match), then traffic does not use VPN.
7
Tutorials and FAQs / Re: TUTORIAL: Set up WireGuard for limited local hosts to use external VPN provider
« on: March 13, 2021, 06:05:46 pm »
I'm only using YouTube.com as an example .... the destinations I'm trying to force thru VPN are simple websites that resolve to a single IP.
I was able to setup rules easily on my old Asus router (via AsusWrt-Merlin firmware).
So I'm hoping that achieving same thing with OPNSesne should be doable.
I was able to setup rules easily on my old Asus router (via AsusWrt-Merlin firmware).
So I'm hoping that achieving same thing with OPNSesne should be doable.
8
Tutorials and FAQs / Re: TUTORIAL: Set up WireGuard for limited local hosts to use external VPN provider
« on: March 13, 2021, 05:13:50 pm »
Any idea how to do this same thing, but only route via VPN based on specific
destinations?
For example I want PC1, PC2, PC3 to use VPN only when trying to access YouTube.com, but all other traffic from these systems (that is NOT going to YouTube.com) would go out the regular WAN interface.
I created a hosts alias for both group of PCs (PC1, PC2, & PC3), and another host alias for destinations that should be routed via VPN (e.g. UseVPN alias has YouTube.com, Amazon.com, google.com).
I setup rule same as listed in main post, but instead of !RFC, I have UseVPN as destination... but this is not working. All traffic continues to go out WAN interface. But works fine when I revert back to !RFC
destinations?
For example I want PC1, PC2, PC3 to use VPN only when trying to access YouTube.com, but all other traffic from these systems (that is NOT going to YouTube.com) would go out the regular WAN interface.
I created a hosts alias for both group of PCs (PC1, PC2, & PC3), and another host alias for destinations that should be routed via VPN (e.g. UseVPN alias has YouTube.com, Amazon.com, google.com).
I setup rule same as listed in main post, but instead of !RFC, I have UseVPN as destination... but this is not working. All traffic continues to go out WAN interface. But works fine when I revert back to !RFC
Pages: [1]