Messages - TomHBP

#1
For future reference if anyone else comes across this:
On the interface for the External Access WireGuard VPN I added 2 rules.
1) Allow everything from this interface to the desired internal LAN/VLANs with default gateway
2) Allow everything from this interface to everywhere with WAN_FAILOVER Gateway.

Seems to work great.
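
The rule order described in post #1, modelled as an added example (not code from the original post or from OPNsense): rules are evaluated top-down with first match winning, so internal destinations are caught by rule 1 before the catch-all rule that policy-routes to the WAN_FAILOVER group. The addresses and the tier assignment of WAN and WAN_BKP are constructed assumptions.

```python
import ipaddress

# Constructed sample values; the post does not give any addresses.
INTERNAL_NETS = ["192.168.1.0/24", "192.168.20.0/24"]  # hypothetical LAN/VLANs

# Gateway group named in the thread; tiers are assumed (WAN first, WAN_BKP second).
WAN_FAILOVER = [("WAN", 1), ("WAN_BKP", 2)]

# The two rules from the post, in order. gateway=None means "default":
# the packet follows the firewall's own routing table.
RULES = [
    {"dst": INTERNAL_NETS, "gateway": None},
    {"dst": ["0.0.0.0/0"], "gateway": WAN_FAILOVER},
]

def pick_gateway(group, up):
    """Return the lowest-tier group member that is up, or None if none is."""
    live = [(tier, name) for name, tier in group if name in up]
    return min(live)[1] if live else None

def route(dst_ip, rules, up):
    """First matching rule wins, as with rules evaluated top-down."""
    dst = ipaddress.ip_address(dst_ip)
    for number, rule in enumerate(rules, start=1):
        if any(dst in ipaddress.ip_network(net) for net in rule["dst"]):
            if rule["gateway"] is None:
                return number, "routing table"
            return number, pick_gateway(rule["gateway"], up)
    return None, "blocked"  # no pass rule matched

if __name__ == "__main__":
    for up in ({"WAN", "WAN_BKP"}, {"WAN_BKP"}):
        for dst in ("192.168.20.5", "203.0.113.9"):
            print(sorted(up), dst, route(dst, RULES, up))
    # Swapped order: the catch-all rule matches first, so traffic for an
    # internal host is handed to the WAN gateway instead of the internal net.
    print("swapped:", route("192.168.20.5", RULES[::-1], {"WAN"}))
```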
#2
Hi, thank you for the response.
The VPN works fine when I'm using a single gateway, but when I use a group, it doesn't. This is a screenshot of the rule for my WAN and WAN_BKP. Although I don't expect this to work with WAN_BKP due to the aforementioned CG-NAT from my mobile carrier.
I'm using hybrid NAT, so the auto-created rules are there, but then they always have been.
#3
Hi All.

I used pfSense for about 8 years, and moved over to OPNsense about 4 months ago. It's been a learning curve, but an enjoyable one!

We've recently had some broadband outages, so I have set up an old router to bridge the hotspot from our phones into OPNsense as a backup WAN. Mostly this stays down, and will only gain connection when we notice the main broadband is down. I've tested this setup, and everything seems to work nicely.

Separate to that, from day 1 I've had a WireGuard remote access VPN set up, so that I can administer my network remotely as if I'm on the LAN. We don't have a static IP, and use Dynamic DNS for the server config. I realise that when we run on the mobile hotspots as WAN that this won't work, as the phone network is double-NAT. This is fine by me.

The problem is: since I've had to update the default gateway of each VLAN to the 'WAN_FAILOVER' gateway group from the previous default 'WAN', I can no longer access the internet through my WireGuard VPN.
I CAN:
- connect to my VPN from anywhere and browse my LAN as before,
- connect to the internet from inside my LAN and VLANs as before.

However, when connected to my VPN, the device I'm using has no internet, and I have to disconnect in order to make it work again.

I'm sure this is something simple, but I'm damned if I can figure out what I'm missing.

Any help gratefully received.

Tom.