I'm hitting a roadblock here, and not sure how to make my routes work correctly.
Basics:
LAN: 10.35.35.1/24
Several [wireguard] VPN connections configured via https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html, and working perfectly via selective IP addresses (aliases). I also have gateways to each of the VPN tunnels. Everything works perfectly.
Recently, I added a WAP that allows me to tag a certain WiFi network with VLAN, so I'm trying to create a WiFi network that, when connected to, routes automatically over one of my VPN connections.
The concerned VLAN is "VLAN20" ... and no matter how I specify the routing, I can't get VLAN20-tagged packets to route over the VPN. DHCP is working for VLAN20 (192.168.20.1/24), and I get good addresses when I connect; just no internet (over the VPN) when connected.
From my understanding, this requires two new rules:
- Direction to send VLAN20 packets to the VPN_gateway
- NAT outbound rule to change anything in the VLAN20 net to the VPN interface's address
I have tried forcing VLAN20 packets to use the VPN_gateway via:
- Firewall -> Rules -> VLAN20 (* * * * VPN_gateway)
- Firewall -> Rules -> LAN (VLAN20 Net * * * VPN_gateway)
And added the NAT:
Firewall -> NAT -> Outbound (VPN_interface VLAN20 net * * * Interface address *)
But no matter which way I force the gateway, no connected clients get internet through the VPN_gateway.
I even tried hard-coded IPv4/32 addresses in both Firewall rules and NAT ... still no internet through VPN_gateway.
I have read other tutorials online that seem to indicate I am addressing the right rules, but I cannot get connected clients within VLAN20 to use the VPN_gateway.
:(
Can anyone help me with the rules I am bungling or missing?
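As an added diagnostic (not part of the original post and not OPNsense's own code), this Python snippet inspects `pfctl -sr` / `pfctl -sn` output for the two rules described above: a policy-routing rule that sends the VLAN20 net out via the VPN gateway, and an outbound NAT rule on the VPN interface for that net. It also flags a pass rule for that net with no route-to, which would let clients fall back to the default (WAN) route. The interface names `vlan0.20`, `wg0`, `em0`, the tunnel address and the sample rule text are constructed assumptions.

```python
import re
from ipaddress import ip_network

# Constructed sample of `pfctl -sr` and `pfctl -sn` output on an OPNsense box.
# Interface names (vlan0.20, wg0, em0) and the tunnel address are assumptions.
SAMPLE_RULES = """\
pass in quick on vlan0.20 inet from 192.168.20.0/24 to any flags S/SA keep state route-to (wg0 10.2.0.1) label "VLAN20 via VPN_gateway"
pass in quick on vlan0.10 inet from 192.168.10.0/24 to any flags S/SA keep state label "other VLAN, default route"
"""
SAMPLE_NAT = """\
nat on wg0 inet from 192.168.20.0/24 to any -> (wg0:0) port 1024:65535
nat on em0 inet from 10.35.35.0/24 to any -> (em0:0) port 1024:65535
"""

def check_vlan_policy(rules, nat, vlan_net, vpn_if):
    """Check the active pf ruleset for a VPN-only VLAN.

    route_to: a pass rule matching vlan_net carries route-to over vpn_if
    nat_ok:   an outbound NAT rule on vpn_if covers vlan_net exactly
    leak:     a pass rule matching vlan_net "to any" has no route-to, so
              that traffic would follow the default route (the WAN) instead
    """
    net = ip_network(vlan_net)
    findings = {"route_to": False, "nat_ok": False, "leak": False}
    for line in rules.splitlines():
        m = re.search(r"\bfrom (\S+) to (\S+)", line)
        if not m or not line.startswith("pass"):
            continue
        src, dst = m.groups()
        if src != "any":
            try:
                if not net.subnet_of(ip_network(src)):
                    continue
            except ValueError:  # aliases/tables such as <VPN_hosts> are not CIDRs
                continue
        rt = re.search(r"route-to \(?([\w.]+)", line)
        if rt and rt.group(1) == vpn_if:
            findings["route_to"] = True
        elif rt is None and dst == "any":
            findings["leak"] = True
    for line in nat.splitlines():
        m = re.match(r"nat on (\S+) .*\bfrom (\S+) to", line)
        if m and m.group(1) == vpn_if and m.group(2) == vlan_net:
            findings["nat_ok"] = True
    return findings

if __name__ == "__main__":
    print(check_vlan_policy(SAMPLE_RULES, SAMPLE_NAT, "192.168.20.0/24", "wg0"))
```

On a live box, feed it the real `pfctl -sr` and `pfctl -sn` output instead of the constructed samples; note that the VLAN20 net is 192.168.20.0/24, not the interface address 192.168.20.1/24.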