1
Virtual private networks / Re: vlan routing to openvpn
« on: October 29, 2024, 01:28:27 pm »
Use the same gateway for the ips on your different vlan
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
Virtual private networks / Re: vlan routing to openvpn
« on: October 29, 2024, 12:37:42 pm »
1. Is possible
Create the openvpn setup - connect and valide it works. Then associate a virtual interface to your ovpn instance (ovpn1 in my case), enable it but don’t add any ip or rules on it. Then create an nat outbound rule on that interface to any.
I suppose your vlan network has a few ip’s assigned and everything works. If so, create a new gateway for the recently created openvpn connection and go to fw rules - vlan interface :
Add a pass rule for that interface, source you entire lan, destination any and gateway (the ovpn gateway)
This should do it.
Create the openvpn setup - connect and valide it works. Then associate a virtual interface to your ovpn instance (ovpn1 in my case), enable it but don’t add any ip or rules on it. Then create an nat outbound rule on that interface to any.
I suppose your vlan network has a few ip’s assigned and everything works. If so, create a new gateway for the recently created openvpn connection and go to fw rules - vlan interface :
Add a pass rule for that interface, source you entire lan, destination any and gateway (the ovpn gateway)
This should do it.
3
Virtual private networks / Re: [SOLVED] Wireguard selective routing
« on: October 27, 2024, 04:49:42 pm »
I got the rule fixed. Thanks Bob.Dig
you helped me fixed this
my VLAN10 rule was wrong
you helped me fixed this
my VLAN10 rule was wrong
4
Virtual private networks / Re: [SOLVED] Wireguard selective routing
« on: October 27, 2024, 04:28:42 pm »
you were right! the connection was broken. now it works.
interface: wg2
public key: IiTLluo4hmsCYRq9Ln25Dj7sXn0zq9Ik********
private key: (hidden)
listening port: 51820
peer: L79E4IoaVZBXOyoMM82TvUIbiKlloRbUn********
endpoint: 83.97.115.18:51820
allowed ips: 0.0.0.0/0
latest handshake: 1 minute, 34 seconds ago
transfer: 184 B received, 680 B sent
persistent keepalive: every 20 seconds
step1 done.
now let's see the rules.
1. I have no rules for the virtual interface mapping wg2.
2. the lan interface where I plan to use this as gateway has the following rule:
https://ibb.co/4JdGFHT
3. NAT outbound
https://ibb.co/Px5sskg
one interesting situation is this: when I add SURFSHARK_Wireguard as gateway for a specific host in the VLAN10 lan, If I ping the VLAN10 gateway from the host itself, I can't get to it.
interface: wg2
public key: IiTLluo4hmsCYRq9Ln25Dj7sXn0zq9Ik********
private key: (hidden)
listening port: 51820
peer: L79E4IoaVZBXOyoMM82TvUIbiKlloRbUn********
endpoint: 83.97.115.18:51820
allowed ips: 0.0.0.0/0
latest handshake: 1 minute, 34 seconds ago
transfer: 184 B received, 680 B sent
persistent keepalive: every 20 seconds
step1 done.
now let's see the rules.
1. I have no rules for the virtual interface mapping wg2.
2. the lan interface where I plan to use this as gateway has the following rule:
https://ibb.co/4JdGFHT
3. NAT outbound
https://ibb.co/Px5sskg
one interesting situation is this: when I add SURFSHARK_Wireguard as gateway for a specific host in the VLAN10 lan, If I ping the VLAN10 gateway from the host itself, I can't get to it.
5
Virtual private networks / Re: [SOLVED] Wireguard selective routing
« on: October 27, 2024, 04:00:03 pm »
the private key needs to be generated on the surfshark portal - so I did.
as in this : https://zone13.io/opnsense-surfshark-selective-traffic-routing-using-wireguard-2/
they don't specify the need for a keep alive value but I'll add 20s.
---
3 min later: I get traffic only for send. nothing received still
interface: wg2
public key: OcSv/oo0elDtDPmGQ+5zVr0jUWUSUBfS7*********
private key: (hidden)
listening port: 51820
peer: L79E4IoaVZBXOyoMM82TvUIbiKlloRb*********
endpoint: 83.97.115.18:51820
allowed ips: 0.0.0.0/0
transfer: 0 B received, 3.32 KiB sent
persistent keepalive: every 20 seconds
as in this : https://zone13.io/opnsense-surfshark-selective-traffic-routing-using-wireguard-2/
they don't specify the need for a keep alive value but I'll add 20s.
---
3 min later: I get traffic only for send. nothing received still
interface: wg2
public key: OcSv/oo0elDtDPmGQ+5zVr0jUWUSUBfS7*********
private key: (hidden)
listening port: 51820
peer: L79E4IoaVZBXOyoMM82TvUIbiKlloRb*********
endpoint: 83.97.115.18:51820
allowed ips: 0.0.0.0/0
transfer: 0 B received, 3.32 KiB sent
persistent keepalive: every 20 seconds
6
Virtual private networks / Re: [SOLVED] Wireguard selective routing
« on: October 27, 2024, 03:50:23 pm »
this is how it looks like now:
root@yoda:/usr/local/etc/wireguard # cat wg2.conf
####################################################
# Interface settings, not used by `wg` #
# Only used for reference and detection of changes #
# in the configuration #
####################################################
# Address = 10.14.0.2/16
# DNS =
# MTU =
# disableroutes = 1
# gateway =
[Interface]
PrivateKey = kMfvy7/6Ec4d73ERKJ90MqUkMug9Kh********
ListenPort = 51820
[Peer]
# friendly_name = WireGuard_tbs
PublicKey = L79E4IoaVZBXOyoMM82TvUIbiKlloR*******
Endpoint = ge-tbs.prod.surfshark.com:51820
AllowedIPs = 0.0.0.0/0
root@yoda:/usr/local/etc/wireguard # cat wg2.conf
####################################################
# Interface settings, not used by `wg` #
# Only used for reference and detection of changes #
# in the configuration #
####################################################
# Address = 10.14.0.2/16
# DNS =
# MTU =
# disableroutes = 1
# gateway =
[Interface]
PrivateKey = kMfvy7/6Ec4d73ERKJ90MqUkMug9Kh********
ListenPort = 51820
[Peer]
# friendly_name = WireGuard_tbs
PublicKey = L79E4IoaVZBXOyoMM82TvUIbiKlloR*******
Endpoint = ge-tbs.prod.surfshark.com:51820
AllowedIPs = 0.0.0.0/0
7
Virtual private networks / Re: [SOLVED] Wireguard selective routing
« on: October 27, 2024, 02:59:47 pm »8
Virtual private networks / Re: [SOLVED] Wireguard selective routing
« on: October 27, 2024, 01:34:38 pm »
I’ve switch the WireGuard to openvpn. I’ll fix the WireGuard config later. However the same config file works on desktop - something to check out for me.
Next, I’ve changed the interface from wg2 to openvpn1.
What have you noticed in the rules? I can’t figure out the mistakes ☹️
Thank you
Next, I’ve changed the interface from wg2 to openvpn1.
What have you noticed in the rules? I can’t figure out the mistakes ☹️
Thank you
9
Virtual private networks / Re: [SOLVED] Wireguard selective routing
« on: October 27, 2024, 01:02:47 pm »10
Virtual private networks / Re: [SOLVED] Wireguard selective routing
« on: October 27, 2024, 12:45:02 pm »
Just realized they haven’t went through as the size is to big. Let me re do
11
Virtual private networks / Re: [SOLVED] Wireguard selective routing
« on: October 27, 2024, 01:02:00 am »
Hi folks,
I am reopening this topic hoping that some of you may be able to help me. I spent the last week trying to figure this out and there is something off here.
I on OPNsense 24.7.7-amd64 and as for VPN provider I am using Surfshark.
I'll post here a short description of my setup:
I am trying to route via Surfshark WireGuard the a few hosts from the Lan network named VPN_VLAN10 (172.16.20.1/29)
Step 1:
I created the wireguard setup:
wg2 is the device under instances. as in the following attachement it looks connected however it never receives any traffic.
Step 2:
I assigned a virtual interface to WG2 and I named Surfshark_VPN.
Step 3:
I created a new Gateway which unfortunately doesn't connect.
Step 4:
I add the NAT outbound rule
Surfshark_VPN any * * * Interface address * NO
Step 5:
I add the firewall rule on the Lan interface I want to use this connection as gateway
IPv4 * torrent_host_ip_lan * * * SURFSHARK_Wireguard *
Now, from the host specified at step5 I cannot ping anyware, neither 172.16.20.1 which is the gateway for the VPN_VLAN10 lan network.
There is something I am completely missing, but I simply can't see it. on one hand the wireshark gateway is not connecting, second when I activate the routing via SURFSHARK_Wireguard gateway rule on the lan interface, I can't reach the lan gateway anymore.
Any suggestion at this point is highly appreciated.
Thank you
I am reopening this topic hoping that some of you may be able to help me. I spent the last week trying to figure this out and there is something off here.
I on OPNsense 24.7.7-amd64 and as for VPN provider I am using Surfshark.
I'll post here a short description of my setup:
I am trying to route via Surfshark WireGuard the a few hosts from the Lan network named VPN_VLAN10 (172.16.20.1/29)
Step 1:
I created the wireguard setup:
wg2 is the device under instances. as in the following attachement it looks connected however it never receives any traffic.
Step 2:
I assigned a virtual interface to WG2 and I named Surfshark_VPN.
Step 3:
I created a new Gateway which unfortunately doesn't connect.
Step 4:
I add the NAT outbound rule
Surfshark_VPN any * * * Interface address * NO
Step 5:
I add the firewall rule on the Lan interface I want to use this connection as gateway
IPv4 * torrent_host_ip_lan * * * SURFSHARK_Wireguard *
Now, from the host specified at step5 I cannot ping anyware, neither 172.16.20.1 which is the gateway for the VPN_VLAN10 lan network.
There is something I am completely missing, but I simply can't see it. on one hand the wireshark gateway is not connecting, second when I activate the routing via SURFSHARK_Wireguard gateway rule on the lan interface, I can't reach the lan gateway anymore.
Any suggestion at this point is highly appreciated.
Thank you
12
24.1 Legacy Series / Re: Created a migration tool for DHCP Static Reservations to Kea DHCP Server
« on: April 02, 2024, 02:59:43 pm »
great to see this tool. thank you. planning to use it now.
13
General Discussion / Re: KPN fiber bypass vendor router
« on: March 28, 2024, 03:07:00 pm »
can be closed.
the pppoe interface needs to have a Vlan attached to it to work. VLAN ID6 then it connects.
the pppoe interface needs to have a Vlan attached to it to work. VLAN ID6 then it connects.
14
General Discussion / KPN fiber bypass vendor router
« on: March 28, 2024, 12:43:22 pm »
Hi all,
I just switch to KPN Fiber and I can see that their router is using PPPoE to connect to KPN.
I created the connection on my opnsense, however I can't make it connect.
Does anyone have this done? I need some guidance to make this work.
KPN support is not helping.
I just switch to KPN Fiber and I can see that their router is using PPPoE to connect to KPN.
I created the connection on my opnsense, however I can't make it connect.
Does anyone have this done? I need some guidance to make this work.
KPN support is not helping.
15
General Discussion / Re: dns the same IP but different ports
« on: February 19, 2024, 07:18:26 pm »
I tried 