Messages - nikkon

#1
Use the same gateway for the IPs on your different VLANs.
#2
1. It is possible.
Create the OpenVPN setup, connect and validate that it works. Then associate a virtual interface with your OVPN instance (ovpn1 in my case), enable it but don't add any IP or rules on it. Then create a NAT outbound rule on that interface to any.
I suppose your VLAN network has a few IPs assigned and everything works. If so, create a new gateway for the recently created OpenVPN connection and go to FW rules - VLAN interface:
Add a pass rule for that interface, source your entire LAN, destination any and gateway (the OVPN gateway).

This should do it.
#3
I got the rule fixed. Thanks Bob.Dig, you helped me fix this.

My VLAN10 rule was wrong.
#4
You were right! The connection was broken. Now it works.
interface: wg2
  public key: IiTLluo4hmsCYRq9Ln25Dj7sXn0zq9Ik********
  private key: (hidden)
  listening port: 51820

peer: L79E4IoaVZBXOyoMM82TvUIbiKlloRbUn********
  endpoint: 83.97.115.18:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 1 minute, 34 seconds ago
  transfer: 184 B received, 680 B sent
  persistent keepalive: every 20 seconds

Step 1 done.
Now let's see the rules.

1. I have no rules for the virtual interface mapping wg2.
2. The LAN interface where I plan to use this as gateway has the following rule:
https://ibb.co/4JdGFHT
3. NAT outbound
https://ibb.co/Px5sskg

One interesting situation is this: when I add SURFSHARK_Wireguard as the gateway for a specific host in the VLAN10 LAN, and I ping the VLAN10 gateway from the host itself, I can't get to it.

#5
The private key needs to be generated on the Surfshark portal, so I did.
As in this: https://zone13.io/opnsense-surfshark-selective-traffic-routing-using-wireguard-2/
They don't specify the need for a keepalive value, but I'll add 20s.
---
3 min later: I get traffic only for send; still nothing received.

interface: wg2
  public key: OcSv/oo0elDtDPmGQ+5zVr0jUWUSUBfS7*********
  private key: (hidden)
  listening port: 51820

peer: L79E4IoaVZBXOyoMM82TvUIbiKlloRb*********
  endpoint: 83.97.115.18:51820
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 3.32 KiB sent
  persistent keepalive: every 20 seconds
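The `wg show` output in this and the previous post is diagnostic on its own: a peer with bytes sent, nothing received and no `latest handshake` line has never completed the handshake. As an added example, not code from the thread, this Python script parses that output format and flags both conditions; the constructed sample, its placeholder keys and the endpoint address are assumptions, not values from the page.

```python
import re

# Constructed sample mirroring the `wg show wg2` output posted in the thread:
# traffic sent, nothing received, and no "latest handshake" line at all.
SAMPLE_NO_HANDSHAKE = """\
interface: wg2
  public key: EXAMPLEPUBKEY_INTERFACE
  private key: (hidden)
  listening port: 51820

peer: EXAMPLEPUBKEY_PEER
  endpoint: 203.0.113.10:51820
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 3.32 KiB sent
  persistent keepalive: every 20 seconds
"""

UNITS = {"B": 1, "KiB": 1024, "MiB": 1024 ** 2, "GiB": 1024 ** 3}


def parse_wg_show(text):
    """Parse `wg show` text into {peer_pubkey: {field: value}}; interface lines are skipped."""
    peers, current = {}, None
    for line in text.splitlines():
        if line.startswith("peer: "):
            current = line.split(": ", 1)[1].strip()
            peers[current] = {}
        elif current and line.startswith("  ") and ": " in line:
            key, value = line.strip().split(": ", 1)
            peers[current][key] = value
    return peers


def _to_bytes(amount):
    """Convert a `wg` transfer figure such as '3.32 KiB' to a byte count."""
    number, unit = amount.split()
    return float(number) * UNITS[unit]


def diagnose_peer(fields):
    """Return a list of problems; an empty list means the peer is exchanging traffic."""
    problems = []
    if "latest handshake" not in fields:
        problems.append("no handshake completed (check keys, endpoint and UDP reachability)")
    match = re.match(r"(.+) received, (.+) sent", fields.get("transfer", ""))
    rx, tx = (_to_bytes(match.group(1)), _to_bytes(match.group(2))) if match else (0.0, 0.0)
    if tx > 0 and rx == 0:
        problems.append("packets sent but none received (peer never answered)")
    return problems


def diagnose(text):
    """Map every peer in a `wg show` dump to its list of detected problems."""
    return {pub: diagnose_peer(fields) for pub, fields in parse_wg_show(text).items()}
```

Feed it the live output with `diagnose(subprocess.check_output(["wg", "show", "wg2"], text=True))`; a healthy peer returns an empty list.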
#6
This is how it looks now:

root@yoda:/usr/local/etc/wireguard # cat wg2.conf
####################################################
# Interface settings, not used by `wg`             #
# Only used for reference and detection of changes #
# in the configuration                             #
####################################################
# Address =  10.14.0.2/16
# DNS =
# MTU =
# disableroutes = 1
# gateway =

[Interface]
PrivateKey = kMfvy7/6Ec4d73ERKJ90MqUkMug9Kh********
ListenPort = 51820

[Peer]
# friendly_name = WireGuard_tbs
PublicKey = L79E4IoaVZBXOyoMM82TvUIbiKlloR*******
Endpoint = ge-tbs.prod.surfshark.com:51820
AllowedIPs = 0.0.0.0/0
#7
You're right as well.
WireGuard is back.

wg2 seems connected but 0 traffic

https://ibb.co/2FPm6xM
#8
I've switched from WireGuard to OpenVPN. I'll fix the WireGuard config later. However, the same config file works on desktop - something for me to check out.
Next, I've changed the interface from wg2 to openvpn1.
What have you noticed in the rules? I can't figure out the mistakes ☹️
Thank you
#10
Just realized they haven't gone through as the size is too big. Let me redo.
#11
Hi folks,

I am reopening this topic hoping that some of you may be able to help me. I spent the last week trying to figure this out and there is something off here.

I am on OPNsense 24.7.7-amd64, and as VPN provider I am using Surfshark.
I'll post here a short description of my setup:
I am trying to route a few hosts from the LAN network named VPN_VLAN10 (172.16.20.1/29) via Surfshark WireGuard.

Step 1:
I created the WireGuard setup:
wg2 is the device under Instances. As in the following attachment it looks connected; however, it never receives any traffic.

Step 2:
I assigned a virtual interface to WG2 and named it Surfshark_VPN.

Step 3:
I created a new Gateway which unfortunately doesn't connect.

Step 4:
I added the NAT outbound rule:
Surfshark_VPN   any   *   *   *   Interface address   *   NO   

Step 5:
I added the firewall rule on the LAN interface where I want to use this connection as gateway:
IPv4 *   torrent_host_ip_lan    *   *   *   SURFSHARK_Wireguard   *

Now, from the host specified at step 5 I cannot ping anywhere, not even 172.16.20.1, which is the gateway for the VPN_VLAN10 LAN network.
There is something I am completely missing, but I simply can't see it. On one hand the WireGuard gateway is not connecting; second, when I activate the routing via the SURFSHARK_Wireguard gateway rule on the LAN interface, I can't reach the LAN gateway anymore.

Any suggestion at this point is highly appreciated.

Thank you
#12
Great to see this tool. Thank you. Planning to use it now.
#13
Can be closed.
The PPPoE interface needs to have a VLAN attached to it to work. VLAN ID 6, then it connects.

#14
General Discussion / KPN fiber bypass vendor router
March 28, 2024, 12:43:22 PM
Hi all,

I just switched to KPN Fiber and I can see that their router uses PPPoE to connect to KPN.
I created the connection on my OPNsense; however, I can't make it connect.
Has anyone done this? I need some guidance to make this work.
KPN support is not helping.
#15
I tried :)