Show Posts
1
General Discussion / Routing specific networks over multiple independent VPNs
« on: August 15, 2021, 01:04:10 pm »
Hi all,
I'm once again considering migrating my x86 hardware router over to OPNsense from OpenWRT. Can someone help me understand if all the following feature is possible to implement in OPNsense?
What I have is several networks and have each network routed over several different connections to the internet via multiple VPN Tunnels. I.e. Network A default route is over WAN (standard), Network B default route is VPN 1, Network C default route is VPN 2. In effect this is the same as having multiple 'WAN' connections, but rather than using for fail-over, using them for specific internal networks.
A couple of other requirements:
- Some networks will still use the 'raw' non-VPN WAN
- Traffic must be two-way routable (i.e. inbound connections to the remote endpoint IP of a VPN tunnel must route to the matching network internally).
- Implementation must be strict - ALL non-local traffic goes over the requisite VPN connection. If the specific VPN for that network is down, it simply fails.
I've seen this post here: https://forum.opnsense.org/index.php?topic=4979.0 however this is different as it deals with just routing specific IPs over a VPN. I want to have whole networks routed over a specific VPN.
To acheive this in OpenWRT you have to create a secondary routing table and allocate the appropriate network to that routing table, i.e.:
1. Create secondary routing table VPN_A
2. Set the default route for VPN_A to the gateway IP and interface id of the VPN 'A' tunnel interface
3. Assign the local network to be routed to VPN 'A' to new the VPN_A routing table
Thanks.
I'm once again considering migrating my x86 hardware router over to OPNsense from OpenWRT. Can someone help me understand if all the following feature is possible to implement in OPNsense?
What I have is several networks and have each network routed over several different connections to the internet via multiple VPN Tunnels. I.e. Network A default route is over WAN (standard), Network B default route is VPN 1, Network C default route is VPN 2. In effect this is the same as having multiple 'WAN' connections, but rather than using for fail-over, using them for specific internal networks.
A couple of other requirements:
- Some networks will still use the 'raw' non-VPN WAN
- Traffic must be two-way routable (i.e. inbound connections to the remote endpoint IP of a VPN tunnel must route to the matching network internally).
- Implementation must be strict - ALL non-local traffic goes over the requisite VPN connection. If the specific VPN for that network is down, it simply fails.
I've seen this post here: https://forum.opnsense.org/index.php?topic=4979.0 however this is different as it deals with just routing specific IPs over a VPN. I want to have whole networks routed over a specific VPN.
To acheive this in OpenWRT you have to create a secondary routing table and allocate the appropriate network to that routing table, i.e.:
1. Create secondary routing table VPN_A
2. Set the default route for VPN_A to the gateway IP and interface id of the VPN 'A' tunnel interface
3. Assign the local network to be routed to VPN 'A' to new the VPN_A routing table
Thanks.