Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
Destination Based Routing
« previous
next »
Print
Pages: [
1
]
Author
Topic: Destination Based Routing (Read 2728 times)
Craash
Newbie
Posts: 24
Karma: 0
Destination Based Routing
«
on:
March 17, 2021, 05:27:21 pm »
I have moved from a pfSense device to OPNsense. I am about finished configuring the last few items. I’d appreciate some help with the last one which has eluded me to this point – and worked on pfSense
Important Info:
Interfaces:
WAN
– Primary WAN
LAN
- 172.20.0.0/24
OPT1 – Secondary Internet Provide - not important to this example
VPN
– OPN VPN Client to VPN anonymizer.
Aliases
VPNClients
– Network Clients which I want fully routed over VPN. This currently works as intended.
This VPN is the same VPN I'll use for VPNDestinations
VPNDestinations
– Locations I want routed over the VPN even though the host isn’t a part of VPNCLIENTS and normally uses the WAN.
For example: WS1 uses the WAN for almost everything. It is NOT part of the
VPNClients
Alias. However, I want to route traffic to the “BANK”, a member of “
VPNDestinations
” over the VPN.
It is routing non
VPNClients
over
VPNDestinations
that is giving me a headache. My NAT/Rules are below,
Not Perfect, but a link to google photos.
https://photos.app.goo.gl/BJeqiwSGiZ97RPDz6
«
Last Edit: March 17, 2021, 05:42:26 pm by Craash
»
Logged
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: Destination Based Routing
«
Reply #1 on:
March 19, 2021, 05:33:45 pm »
The last outbound NAT rule (source "any" / destination "VPNDestinations") must be on the VPN interface, not the LAN interface.
Cheers
Maurice
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
Craash
Newbie
Posts: 24
Karma: 0
Re: Destination Based Routing
«
Reply #2 on:
March 20, 2021, 02:12:07 am »
Thanks @Maurice.
I've changed the interface, but no change. Do you have any other suggestions? I'm about to pull my hair out over this.
Logged
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: Destination Based Routing
«
Reply #3 on:
March 20, 2021, 02:32:52 am »
Check the log whether the firewall rule actually matches. Maybe there's something wrong with the 'VPNDestinations' alias?
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
Craash
Newbie
Posts: 24
Karma: 0
Re: Destination Based Routing
«
Reply #4 on:
March 20, 2021, 02:52:48 am »
Ooooh. I feel like we are getting close.
I wasn't sure about which logs you were interested in, so I did this:
Created a new alias, VDEST, with only two entries. The FQDN and IP address of a site that lists you IP address (VPN, hopefully, in this case. I changed the VPNDestinations to VDEST in the NAT and Rule.
After I've done that, NO machines will pull up the site. they used to, but reported my fiber IP.
The machines that routed EVERYTHING over the VPN can't reach it, either. Which is new.
DNS will resolve the IP of the site I put in VDEST.
What log or setting can I check?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
Destination Based Routing