17.7 Legacy Series / Using Opnsense only for VPN? Is it possible?
« on: September 19, 2017, 11:45:50 pm »
Hey guys,
First off, thanks for looking! I was wondering if this is even possible and would highly appreciate any input.
I have an Opnsense Virtual Machine on a server (running VMWare). Because I already have a hardware firewall, I would like to use Opnsense as nothing more than a VPN device, meaning I disabled all firewall rules and NAT on the VM (all of which are taken care of with the hardware firewall), and I'm only utilizing the em0 to LAN interface on the VM.
I created the appropriate NAT rules and set the appropriate rules on the hardware firewall, and after following the IPsec road-warrior VPN tutorial, I'm able to connect to the virtual machine and attain an IP address within the LAN for my iPhone.
The thing is, I cannot access anything else on the network other than what's in the LAN (VLAN 200).
I would like to be able to access VLAN 50 and VLAN 10 once I connect to the Opnsense VPN on VLAN 200. I should also point out that VLAN tagging occurs at the vSwitch level, and thus there is no need to set the VLAN tags within the Opnsense virtual machine.
I have tried setting up routes on the VM, and I see that pings (or other traffic) are able to get out and come back to the virtual machine, but once it hits the Opnsense virtual machine coming back, it terminates and stops the packet flow.
Is there anyone out there who has successfully set up such a configuration? If so, I'd really appreciate any input on doing the same. Is such a configuration even optional (meaning only using LAN on the em0 interface), and even so, are there more effective ways to do this kind of thing?
Thanks again for all your time!
-Dave
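The symptom in the post (replies reach the OPNsense VM and are dropped there) is, as an added illustration that is not part of the post or of OPNsense itself, what happens when a road-warrior destination is outside every IPsec Phase 2 local traffic selector, or when the other VLANs have no return route for the client pool. The two checks below assume constructed subnets for the VLANs the post names (the post gives VLAN numbers only), a constructed client pool and a constructed route table; they are a diagnostic aid, not a description of the author's setup.

```python
import ipaddress

# Constructed sample addressing (not from the post): one subnet per VLAN
# the post mentions. Only the VLAN numbers come from the post.
VLAN_SUBNETS = {
    "VLAN 200 (LAN)": ipaddress.ip_network("192.168.200.0/24"),
    "VLAN 50": ipaddress.ip_network("192.168.50.0/24"),
    "VLAN 10": ipaddress.ip_network("192.168.10.0/24"),
}


def covered_by_selectors(dest, selectors):
    """True if `dest` lies entirely inside one Phase 2 local network.

    A reply to a destination that matches no selector has no security
    association to be encapsulated into, so the VPN gateway discards it
    even when plain routing delivered it to the gateway correctly.
    """
    dest = ipaddress.ip_network(dest)
    return any(dest.subnet_of(ipaddress.ip_network(s)) for s in selectors)


def tunnel_reachability(selectors, vlans=VLAN_SUBNETS):
    """Map each VLAN name to whether the tunnel's selectors cover it."""
    return {name: covered_by_selectors(net, selectors)
            for name, net in vlans.items()}


def return_route_ok(client_pool, routes, vpn_gateway):
    """Longest-prefix lookup of the VPN client pool in a (constructed)
    route table {prefix: next_hop}. The pool must be sent back to the
    VPN gateway's LAN address, otherwise replies from the other VLANs
    follow the default route and never reach the tunnel."""
    pool = ipaddress.ip_network(client_pool)
    best = None
    for prefix, next_hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if pool.subnet_of(net) and (best is None
                                    or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best is not None and best[1] == vpn_gateway


if __name__ == "__main__":
    # Selector covering only the LAN: VLAN 50 and VLAN 10 stay unreachable.
    print(tunnel_reachability(["192.168.200.0/24"]))
    # A full-tunnel selector covers every VLAN.
    print(tunnel_reachability(["0.0.0.0/0"]))
    # Constructed hardware-firewall routes: pool routed to the VM (or not).
    print(return_route_ok("10.99.0.0/24", {"0.0.0.0/0": "203.0.113.1",
                                            "10.99.0.0/24": "192.168.200.2"},
                          "192.168.200.2"))
```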