Messages

1

Virtual private networks / vlan routing to openvpn

« on: October 29, 2024, 06:57:42 am »

I have configured a VPN client using open VPN. The client works: there is a virtual interface and I get an IP address.

But now there are basically 2 things I would like to have.

1 - Create a VLAN which uses this VPN tunnel for all internet access.
2 - On another (existing VLAN) direct certain IP addresses from an ASN to this VPN tunnel.

Are both possible ? In case of the second option, which would be the approach ?
e.g. The VPN has an IP address in the 10.x range. Would I block 'regular' internet for those IP  addresses, so it uses the VPN as an alternative, or should I do something with DNS ?

2

General Discussion / Re: Block all rule on "in" still allows access from other VLAN. What can be wrong ?

« on: August 29, 2024, 08:24:04 pm »

It was indeed my dumb OPNsense beginner mistake. Interpreted the rule in the opposite direction. Now it's working as expected. @doktornotor the ping was from a different VLAN (192.168.5.x) which was maybe not clear enough mentioned.  Both thanks for your support 

3

General Discussion / Block all rule on "in" still allows access from other VLAN. What can be wrong ?

« on: August 28, 2024, 05:21:56 pm »

I am quite new to OPNsense, probably overlooking something.

I have a VLAN for which I defined an interface with DHCP server 192.168.3.x
For this interface I defined a "block all rule" direction IN (there are no other rules)

I still am able to ping a device on the 3.x network from another VLAN, what can be wrong ?

4

24.1 Legacy Series / Re: Moving from Draytek to OPNsense, trying to understand VLAN with DHCP

« on: July 24, 2024, 07:57:46 pm »

Thanks for you quick response. I did quite some reading and searching, but nothing pointed me
into this direction. I just tried it and it works like a charm 

The "switch emulation" is only for occasional testing purpose. The tagged VLAN goes to the actual switch/devices. 

5

24.1 Legacy Series / Moving from Draytek to OPNsense, trying to understand VLAN with DHCP

« on: July 23, 2024, 05:33:24 pm »

Since it is not possible with Draytek routers to have mDNS forwarding, which is required for Chromecast, I decided to give OPNsense a try.

With a Draytek background, at least one aspect is not clear to me. With Draytek you configure a "Network" with a DHCP server and assign a VLAN tag to it. You can assign this VLAN to a physical port as "untagged" as well. 
e.g. tagged to Port2 and untagged to Port3. The DHCP server serves both. 

I try to accomplish the same with OPN sense.
Defined a VLAN 4, assigned it to a logical interface with static IP 192.168.4.1/24 and enabled a DHCP server on this VLAN.

Now I want this VLAN to be also on a physical interface, I read somewhere to use a "bridge". So I created a bridge with both the logical interface from this VLAN as well as the physical port. (did not specify IP address here, since IP address/gateway is already on the logical I/F) I do not get any addresses via DHCP on the physical port. 

It this a correct way to accomplish this or are there other options ?