Dedicated interface for NordVPN leaving the LAN unaffected.

Started by Broodjeworst, September 19, 2020, 09:39:36 PM

Hi OPNSense experts,

Some time ago I posted a question
https://forum.opnsense.org/index.php?topic=17247.msg78386#msg78386
and got very useful answers (thanks!)
Now, months later... I'm attempting to add NordVPN
(openvpn) to my opnsense box and assign it to a new ethernet port on my box (still have 8 NICs available) so that I can link it to a switch and plug in a wired device and have a VPN connection.
If this works I would like to do the same trick with my corporate VPN.

When looking at the guide on:
https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-19-1-setup-with-NordVPN.htm
it seems that this enables VPN for all interfaces? I want to leave my current LAN unaffected (including DNS settings).
And only have the openvpn tunnel exist for a new currently unassigned ethernet port.

What would I have to change? Or is there a guide/hints/tips to get a setup like this?

Thanks!

I am by no means an expert.

However, I think if you assign an alias for the subnet you created on your VPN ethernet port and follow / adapt NilsS method

https://forum.opnsense.org/index.php?topic=4979.msg25066#msg25066

to your nordvpn configuration you should be able to get it to work for only what is in the VPN alias.

Be advised: for me to make this work with AirVPN, I had to uncheck the box for "Don't pull routes" and check the box for "Don't Add/Remove Routes".

Cheers,


Hi Koldnitz,

Apologies for the late reply!
I was busy taking over some project tasks for a couple of colleagues that got Covid (they are doing fine now :)).

Thanks! The link was certainly useful. I've modified it a tiny bit for NordVPN and the gateways seem to be up (all green), the connection is OK and the VPN log seems to be OK.

The other part I've changed is to add a new NIC (renamed it to NORD) and apply the firewall rules on that one (instead of LAN as mentioned in the howto). I've added DHCP for the new (NORD) NIC under Services.
However, no go: when I test the connection I get a new IP, however no access (Internet/LAN/DNS), so I must be doing something pretty stupid...

The LAN interface still works :) so that's something
(I did have to add the previously automatically generated Firewall rules for LAN manually, since I've enabled "Manual outbound NAT rule generation" as stated in the HowTo)

Any ideas would be welcome :D

Kind regards!