Messages - artkz

#1
25.7, 25.10 Series / Policy routing for firewall itself
November 14, 2025, 04:37:58 PM
Hi all,

I have a use case to route connections from OPNsense itself via a specific VPN gateway if the destination is a specific ASN (Cloudflare).

For example, if I wanted to make sure that a command executed inside SSH such as

wget https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/25.7/latest/packagesite.pkg
would be routed through wg0.

This is easy enough to accomplish for packets originating on LAN and other interfaces, but packets originating on OPNsense itself seem to go directly to WAN as OUT.

An IN floating rule does not match the traffic and an OUT rule does match it, but if I set a different gateway on an OUT rule, connectivity to the destination IPs is lost (which makes sense).

A workaround by creating static routes works, but static routes cannot be linked to an alias, which makes creating a route for every Cloudflare IP range impractical without a script, and this feels too much like a hack.

Any suggestions, or is there anything I am missing here?

The closest match I could find to a similar question is here: https://forum.opnsense.org/index.php?topic=41506.0, but it seems to be without a successful resolution.
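The scripted static-route workaround mentioned in the post, written out as an added example (not code from the post or from the OPNsense project). It assumes that the alias holding the Cloudflare ranges is exposed as a pf table of the same name (the hypothetical name "cloudflare" is used below) and that the VPN interface is wg0; the route commands are generated as text first so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: turn every prefix of a pf table into a FreeBSD "route add"
# command that sends firewall-originated traffic for that prefix out of one
# interface. Assumed names: pf table "cloudflare", VPN interface "wg0".
#
# Usage (hypothetical):  sh cf_routes.sh cloudflare wg0         # print only
#                        sh cf_routes.sh cloudflare wg0 apply   # add routes

# Read prefixes from stdin (one per line, as "pfctl -t NAME -T show" prints
# them) and print one route command per prefix for interface $1.
build_route_cmds() {
    iface="$1"
    # the default IFS strips the leading spaces pfctl puts before each entry
    while read -r prefix; do
        # skip blank lines and comments
        case "$prefix" in ''|'#'*) continue ;; esac
        # an IPv6 prefix contains a colon and needs the -inet6 family flag
        case "$prefix" in
            *:*) printf 'route -n add -inet6 -net %s -interface %s\n' \
                     "$prefix" "$iface" ;;
            *)   printf 'route -n add -net %s -interface %s\n' \
                     "$prefix" "$iface" ;;
        esac
    done
}

# Only touch the system when a table and an interface are given on the
# command line; with no arguments the script just defines the function.
if [ "$#" -ge 2 ]; then
    table="$1"; iface="$2"
    if [ "$3" = "apply" ]; then
        # apply: feed the generated commands to a shell
        pfctl -t "$table" -T show | build_route_cmds "$iface" | sh
    else
        # dry run: show what would be added
        pfctl -t "$table" -T show | build_route_cmds "$iface"
    fi
fi
```

Routes added this way live only in the kernel routing table and are gone after a reboot or a routing reset, so the script has to be re-run (for example from a cron job) whenever the alias contents change.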