Topics - john230873

1
General Discussion / DNS is not flowing between internal interfaces
« on: April 22, 2020, 05:09:29 am »
Hi team, I have multiple internal interfaces set up, some using different external gateways.
Each internal interface has its own VLAN and uses DHCP in OPNsense.

What I have found is that DNS records are staying within the interface and not being published to other internal interfaces.

E.g. a computer on vlan1 can talk to a computer on vlan2 but can't resolve it by its name.

Any idea what I have missed here?

2
General Discussion / [Solved] Trying to replace pfsense box with opnsense box
« on: July 21, 2019, 09:20:43 pm »
Hi, I've been trying to replace my current setup, which uses pfsense, with opnsense, and I seem to be hitting a brick wall with my openvpn connection playing nicely with my other networks.
My full network consists of:
• Isolated guest network that needs to see the wifi controller on the native network
• Isolated security camera network
• Isolated IoT network
• Always-up VPN network
• Native network (for day-to-day activity)
All of the above networks are VLANed off from each other.

The hardware setup I have is an Intel NUC running esxi, and pfsense is just a virtual machine with 6 virtual network cards.
The rest of the network is made up of unifi gear (switches and APs).
The pfsense router is the last/first internal hop.

To break this down to something I could work with, these are the main building blocks I needed:
• 1 ISP
• VPN account with Nordvpn
• 1 native network
  o The native network should not use or know about the VPN gateway
• 1 VPN network
  o Computers on the VPN network should be able to see computers on the LAN network
  o Computers on the VPN network should not be able to access any external address if the VPN link goes offline
On pfsense I have been able to achieve this mainly by:
• Setting up the openvpn client (I haven't selected Pull routes; this will become more important later)
• Setting up new opt interfaces
• Not setting up a NAT Outbound rule for the VPN network (this is to prevent it using the network when down)
• Forcing the VPN rules to push via the NORD_DHCP gateway (push all traffic to NORD_DHCP gateway if possible)
• Setting the standard WAN gateway as the default gateway (allows my other interfaces to work correctly when * is picked for default gateway)
All works a treat :)

I then tried to replicate the setup on opnsense and ran into these issues.
The main issue I'm seeing is due to having more than one network; if I only had one I think this would kind of work, but I don't, so here I am :)
When I follow NordVPN's samples, they say "select Pull routes" on the OPENVPN client.
When I do this it appears the default address of the router now becomes the OPENVPN address and all traffic tries to route via it. I've seen this by running the traceroute commands against each interface in the diagnostic menu. I did make sure that the native WAN gateway was set to default first.
I can kind of make this work by changing the all-traffic rule in my normal LAN firewall rules to exit via WAN_DHCP, but then I ran into a problem with my DNS not working, so I needed to add a rule above this one to say DNS traffic needed to use the default gateway (*). Then the native network worked fine. However, the guest network I couldn't get working.
I had a look at the routing table and I see a 0.0.0.0/1 route using the OPENVPN IP.

When I follow my pfsense setup I see that the OpenVPN client doesn't have "Pull routes" selected, so if I leave it off like pfsense, this time nothing travels via the VPN interface when doing a traceroute, not even the NORDVPN interface. This is the difference I can see between pfsense and opnsense: in pfsense the NordVPN interface knows enough to use the OPENVPN client for this interface even when routes aren't pulled.

I’ve tried 19.1 and 19.7 and both versions provide the same outcomes.

Any suggestions here would be appreciated.
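The pfsense building blocks listed in the post above (no outbound NAT for the VPN subnet, VPN-subnet traffic forced to the VPN gateway, LAN reachable from the VPN subnet, default route left on WAN) written out as the equivalent pf.conf fragment. This is an added, constructed example, not the poster's configuration and not anything pfsense or OPNsense generates; the interface names, subnets and gateway address are assumed placeholders.

```pf
# Constructed example: interface names, subnets and the VPN gateway are assumed.
wan_if  = "vmx0"
lan_if  = "vmx1"
vpn_if  = "tun0"              # OpenVPN client tunnel interface
lan_net = "192.168.10.0/24"   # native network
vpn_net = "192.168.20.0/24"   # "always up VPN" network
vpn_gw  = "10.8.0.1"          # next hop inside the tunnel

# Outbound NAT only for the native LAN on WAN, and for the VPN subnet on the tunnel.
# There is deliberately no "nat on $wan_if from $vpn_net" rule: if the tunnel drops
# and a VPN-subnet packet falls back to the WAN default route, it leaves with an
# RFC 1918 source address and gets no reply. That missing rule is the kill switch.
nat on $wan_if from $lan_net to any -> ($wan_if)
nat on $vpn_if from $vpn_net to any -> ($vpn_if)

block all

# Native LAN follows the system default route (WAN) and never learns about the tunnel.
pass in quick on $lan_if inet from $lan_net to any

# VPN subnet: traffic to the native LAN is passed normally (no route-to, so it is
# forwarded locally); everything else is policy-routed into the tunnel. Rule order
# matters because of "quick": the LAN rule must come before the catch-all.
pass in quick on $vpn_if inet from $vpn_net to $lan_net
pass in quick on $vpn_if inet route-to ($vpn_if $vpn_gw) from $vpn_net to any
```

After loading such a ruleset, verifying the kill switch means taking the tunnel down and confirming from a VPN-subnet host that external addresses are unreachable while the native LAN still is.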
