Topic: openVPN -> OpnSense + DoH + DNSsec + Suricata + Sensei protection (Read 2319 times)
RamSense
Hero Member
Posts: 595
Karma: 10
openVPN -> OpnSense + DoH + DNSsec + Suricata + Sensei protection
« on: December 27, 2020, 12:45:29 pm »
openVPN -> OpnSense + DoH + DNSsec + Suricata + Sensei protection
What I want to achieve is: an iPhone or other wireless device with an OpenVPN connection to the OPNsense VPN, with all the data pushed through the OPNsense firewall, so that all devices have the protection of OPNsense with Suricata, Sensei, DoH and DNSSEC, which are already running on it and available to OPNsense LAN devices.
So in short: iPhone VPN -> all data communication with -> OPNsense + DoH + DNSSEC + Suricata + Sensei
My OPNsense is already running with OPNsense + DoH + DNSSEC + Suricata + Sensei.
I have added OpenVPN and I can make a connection with my iPhone 4G.
When I visit the page 1.1.1.1/help, I noticed I was not protected.
I added to the client export custom config: dhcp-option DNS 192.168.1.1
I did the 1.1.1.1/help test again and now I do have a connection to 1.1.1.1 and DoH.
But when I do a "what is my IP" check on my iPhone, I see that it is still the IP of the cellular company and not the address of my home ISP IP?
And also, ads are not being blocked on my iPhone by Sensei.
(When I change the server to have redirect gateway enabled, the result is that the Facebook app loads slowly/weirdly and it looks like something is not configured right. So I disabled this in my current config.)
What am I doing wrong here? Or what am I missing / failed to add, or should I configure differently?
This is the setup:
2 interfaces: LAN – igb1 and WAN – igb0
Firewall rules OpenVPN
interface openvpn, TCP/IP version: IPv4, protocol ANY, source "single host or Network" 10.0.8.0/24, destination any and destination port ANY.
Firewall rules WAN
interface WAN, TCP/IP version: IPv4, protocol UDP, source any, destination any, destination port range OpenVPN (1194)
VPN server:
protocol UDP, device mode TUN, interface WAN, port 1194, IPv4 tunnel network: 10.0.8.0/24, IPv4 local network 192.168.1.0/24.
VPN Client
Hostname: my ISP ip, port 1194, custom config: dhcp-option DNS 192.168.1.1
Thanks in advance for the solution! It would be great to have all devices protected with OPNsense.
Ramon
RamSense
Hero Member
Posts: 595
Karma: 10
Re: openVPN -> OpnSense + DoH + DNSsec + Suricata + Sensei protection
« Reply #1 on: December 29, 2020, 07:05:53 pm »
I got Sensei working on the VPN. I found this link and firewall NAT OUTBOUND RULE. After I added it, it works.
But I do not know what this NAT OUTBOUND RULE does.
https://preview.redd.it/37la84y46xs51.png?width=1583&format=png&auto=webp&s=66c26b7660fe4084ac1ef9e3838ab871c3655766
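An added example, not part of the thread or of OPNsense: a small Python check that models which destinations a client sends into the tunnel for the settings described above, with and without redirect gateway. The directive form of the GUI fields (`push "route ..."`, `push "redirect-gateway def1"`) and the names `audit` and `path_for` are assumptions, and the host route to the VPN server itself is ignored.

```python
import ipaddress

# Constructed from the thread's settings (assumed directive form of the GUI fields).
SPLIT = '''
push "route 192.168.1.0 255.255.255.0"   # IPv4 local network
dhcp-option DNS 192.168.1.1              # client export custom config
'''
FULL = SPLIT + 'push "redirect-gateway def1"\n'  # redirect gateway enabled

def parse_options(text):
    """Yield option token lists, unwrapping server-side push "..." lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith(";"):
            continue
        if line.startswith("push "):
            line = line[5:].strip().strip('"')
        if line:
            yield line.split()

def audit(text):
    """Summarise routing mode, tunnelled networks and DNS servers."""
    result = {"full_tunnel": False, "routes": [], "dns": []}
    for tok in parse_options(text):
        if tok[0] == "redirect-gateway":
            result["full_tunnel"] = True
        elif tok[0] == "route" and len(tok) >= 2:
            mask = tok[2] if len(tok) >= 3 else "255.255.255.255"
            result["routes"].append(ipaddress.ip_network(f"{tok[1]}/{mask}"))
        elif tok[:2] == ["dhcp-option", "DNS"] and len(tok) == 3:
            result["dns"].append(ipaddress.ip_address(tok[2]))
    return result

def path_for(dest, result):
    """'tunnel' if dest is sent into the VPN, else 'local' (e.g. cellular)."""
    ip = ipaddress.ip_address(dest)
    if result["full_tunnel"] or any(ip in net for net in result["routes"]):
        return "tunnel"
    return "local"

if __name__ == "__main__":
    for name, conf in (("split", SPLIT), ("full", FULL)):
        res = audit(conf)
        for dest in ("192.168.1.1", "1.1.1.1"):
            print(f"{name:5} {dest:12} -> {path_for(dest, res)}")
```

In the split case only 192.168.1.0/24 (including the DNS server 192.168.1.1) is tunnelled, so a "what is my IP" check still leaves over the cellular link.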