Messages - borgobio

#1
Quote from: zan on March 12, 2024, 11:28:06 AM
Your pic shows NAT outbound rules, you also need pass rules on each interface:
On LAN interface, create a pass rule with destination: !(not) This firewall, gateway: WAN.
Create a same rule on LAN2 interface, except with gateway: VPNWAN.

Indeed, that was it, although now when I connect to VPN, any port forwarding on my ISP's IP is blocked.

VPN OFF => 95.231.234.179:61881 => open
VPN ON => 95.231.234.179:61881  => closed

95.231.234.179 is my ISP's IP.

It seems that stuff can get in but can't get out...
https://imgur.com/a/xxsbgxe
#2
Virtual private networks / 2 LAN; 1 on VPN, 1 not
March 12, 2024, 12:47:56 AM
Hi, I'm trying to set up OPNsense so that 1 LAN (192.168.0.0/24) goes on WAN with the public IP assigned by my ISP and another LAN with a different subnet (192.168.3.0/24) uses a VPN (ProtonVPN) already configured on OPNsense.

Unfortunately, I'm unable to make it work, I can get VPN on both or ISP's IP on both...

I created 2 manual outbound rules for WAN (PPPoE with my ISP) and VPNWAN (virtual interface associated with OpenVPN) but it seems that this way I only have internet access on 192.168.3.0/24 with VPN but not on 192.168.0.0/24 (well, pings go through and Telegram works, but if I try to load any non-cached page, it times out).
https://imgur.com/a/w521HUE

I suspect it has something to do with the automatically created rule but I'm stuck here...

(I know the VPNWAN rule is disabled, ofc it was enabled when debugging)
#3
23.7 Legacy Series / Re: Qlogic 57810 10Gbit Ethernet
February 11, 2024, 09:07:24 PM
Quote from: thecrankygamer on January 05, 2024, 06:32:39 PM
Quote from: cookiemonster on December 27, 2023, 02:08:48 PM
If I were you, I'd verify that firmware on the card is as it should be by booting it onto a vanilla FreeBSD of the same OPN version and on a Linux one.
Cases like these can be down to corrupted or wrong firmware like a bad crossflash. Booting to other OS can help verify in a non-destructive way.
That's actually helpful, I'm going to try this this weekend, thnx

Hi, did you find a solution? I have the same exact output from dmesg on OPNsense.