Messages - Craash

#1
As a follow up, this card worked great.  No mucking around, it just connected at 2.5Gbs and now I'm seeing throughput of 2.2Gbs.
#2
I went with this nic, https://smile.amazon.com/gp/product/B08FB83C1H/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1  I guess we'll see if it works.  I have T1700G-28TQ switches which I'm pretty sure won't do 2.5Gb/s.
#3
My fiber ISP has offered an upgrade from 1.0Gb/s to 2.0Gb/s for literally 10/Mo.   Is there a NBase-t 2.5/5.0 card supported yet that isn't $300?  Every thread I found was 1 year or so old.

I'm using a Dell 7030 for my OPNsense box and its LAN side and the rest of my important wired network is 10Gb/s, with Mellanox ConnectX-3 cards.

I appreciate any help or comments.
#4
No responses?  I know people here are smarter than I . . .
#5
I have 3 interfaces in my setup. 

  • WAN (Gb/Gb Fiber)
  • OPT1 (Spectrum Cable)
  • VPN (out over WAN)

Currently I have these aliases set up:

  • Spectrum Clients
  • VPN Clients

By adding a LAN rule, I can route machines who are a member of those aliases over the associated Connection/Gateway.  So that works fine.

However, I want to be able to route traffic based on destination and regardless of the LAN client.  I have these aliases set up:

  • SpectrumDestinations
  • VPNDestinations

I want to take a computer that normally uses the WAN and have it route over OPT1 if the destination is a member of SpectrumDestinations (like their streaming TV service).

Same thing for the VPN.  I want machines that normally route over the WAN to send specific traffic in VPN Destinations over the VPN (like banking info or UseNet info)

To summarize,
Routing an entire computer over any of the interfaces works.
Routing a specific destination, regardless of the LAN device, over a specific interface does NOT work.

My rule to route SpectrumDestinations is as follows:
Action Pass
Interface LAN
Direction IN
TCP/IP Version IPv4 (IPv6 is turned off)
Protocol: ANY
Source RFC1918_Networks
Destination SpectrumDestinations Alias
Gateway OPT1

This rule is at the top of the rule list.

Please help?
#6
Ooooh.  I feel like we are getting close.

I wasn't sure about which logs you were interested in, so I did this:
Created a new alias, VDEST, with only two entries: the FQDN and IP address of a site that lists your IP address (VPN, hopefully, in this case).  I changed the VPNDestinations to VDEST in the NAT and Rule.

After I've done that, NO machines will pull up the site.  They used to, but reported my fiber IP.
The machines that routed EVERYTHING over the VPN can't reach it, either.  Which is new.

DNS will resolve the IP of the site I put in VDEST.

What log or setting can I check?
#7
Thanks @Maurice.

I've changed the interface, but no change.  Do you have any other suggestions?  I'm about to pull my hair out over this.
#8
I have moved from a pfSense device to OPNsense.  I am about finished configuring the last few items.  I'd appreciate some help with the last one, which has eluded me to this point – and worked on pfSense.

Important Info:

Interfaces:
   WAN – Primary WAN
   LAN - 172.20.0.0/24
   OPT1 – Secondary Internet Provider - not important to this example
   VPN – OPN VPN Client to VPN anonymizer.

Aliases
   VPNClients – Network Clients which I want fully routed over VPN.  This currently works as intended.
   This VPN is the same VPN I'll use for VPNDestinations
   VPNDestinations – Locations I want routed over the VPN even though the host isn't a part of VPNClients and normally uses the WAN.

For example: WS1 uses the WAN for almost everything.  It is NOT part of the VPNClients Alias.  However, I want to route traffic to the "BANK", a member of "VPNDestinations" over the VPN.

It is routing non VPNClients over VPNDestinations that is giving me a headache.  My NAT/Rules are below,

Not Perfect, but a link to google photos.

https://photos.app.goo.gl/BJeqiwSGiZ97RPDz6

#9
Quote from: Greelan on March 10, 2021, 12:56:13 PM
Maybe an outbound NAT issue?

BTW, not sure I understand what Rule 1 is doing.

I've disabled it, and it still seems to route.   I'm going to update the thread topic.  Can you expand a bit on nat and what you think the rule might look like for site specific router and outbound NAT?
#10
Honestly, that is two of us.  I had assistance on that part.

I'll disable it today and see if my routing still works for the 'entire machine' routing.
#11
Edit: Due to assistance from @greelan, I've updated the post with current changes.

Old pfSense user, migrating to OPNsense.

I have two WAN connections.
1.   Gig Fiber  -  WAN
2.   Backup Spectrum cable  -  OPT1

My default upstream is my Fiber.
I have successfully been able to route all of a client's traffic over OPT1.
I'm having trouble routing ALL machines on the LAN to OPT1 based on site destination.
For example.  Machine1 is set to route all traffic over OPT1.  Works.
Machine 2 should route over the OPT1 for specified destinations/sites and use the WAN for everything else.  Does not work.

I have aliases created called:
1.   SpectrumClients  The hosts in this group (LAN IPs) should have all traffic routed over OPT1.  Currently Works.
2.   SpectrumDestinations.  These are the URLs/IPs that ALL machines, even those that typically use the WAN, should use OPT1 to reach.

This will apply to my VPN too (both scenarios) but I thought I'd start with this to remove the VPN tunnel from the problem.  A use case for this would be that I can watch TV on my machine, but I have to be on the Spectrum internet side.  So, I want to leave my machine using the default gateway (WAN) but route the IPs for the soft TV over OPT1.  I have the gig/gig connection for normal use, but TV traffic moves to the Spectrum cable line (OPT1).  It's really for the VPN, but I figured it would be easier to start with this one.

I have two rules that I use for the (working) 'route the entire client' scenario. 
1.   Rule 1 - Disabled
a.   Pass
b.   Interface: LAN
c.   Direction: IN
d.   Source: SpectrumClients
e.   Destination: This firewall
f.   Gateway: default

2.   Rule 2
a.   Pass
b.   Interface: LAN
c.   Direction In
d.   Source: SpectrumClients
e.   Destination: Any
f.   Default Gateway: OPT1

I've tried several different modifications, but no luck on routing all machines over the OPT1 for specific sites.
Any suggestions on what I need to create (or copy/modify) based on the rules above?  Of course SpectrumClients would change to SpectrumDestinations.

I am so thankful for any help or guidance.
#12
500?  I guess I'll be going back to pfSense.  At least it has documentation.
#13
I'm specifically looking for assistance with moving from pfSense and haProxy to OPNsense and haProxy or Nginx.

I seem to keep going around in circles and I'm just not getting it.  DM's welcome
#14
Web Proxy Filtering and Caching / .
February 27, 2021, 01:00:04 AM
.
#15
Yes.  Public Net -> OPN with nginx -> Nginx(with wordpress) (although a static website too, which works)

Still confused.  I haven't done anything to Nginx outside of OPNsense's GUI.  I think the fastcgi you are talking about is on the Ubuntu Nginx.