Topic: OPNsense using WAN instead of Wireguard gateway group (Read 1172 times)

MarkH42 (Newbie), June 24, 2022, 11:25:28 pm
Hello,
I have been working on transitioning from a Debian Linux firewall/router to OPNsense. Setup is currently as follows:
WAN : connected to ATT router
LAN : local network
Mull1, Mull2 : Connected to 2 different Mullvad Wireguard servers
ProtonFree : Free ProtonVPN Wireguard
VPN_GRP : Gateway group Mull1 and Mull2 as tier 1 and ProtonFree as tier 2
LocalVPN : Incoming VPN connections from road warrior devices
NAT is set to manual.
Outgoing connections from LAN and LocalVPN get routed via the VPN_GRP, so that is good. However, all connections from the OPNsense box go via the WAN interface, including DNS queries resolved by Unbound DNS. I have set up DNS servers in System: Settings: General with one for each Wireguard gateway (I wish I could specify a gateway group); however, this seems to be ignored.
Any advice on how to get the OPNsense box to use the VPN_GRP for outgoing connections and only use the WAN interface for setting up the connections to my Wireguard connections?
/Mark

Patrick M. Hausen (Hero Member), Reply #1, June 25, 2022, 01:05:17 am
Can you set the query source address in Unbound? Try setting it to the LAN address.
I'm running BIND, so just a guess on my part.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)

MarkH42 (Newbie), Reply #2, June 25, 2022, 04:43:51 am
I guess I should have mentioned that I have configured Unbound DNS to only use the LAN and VPN interfaces. The WAN interface is not listed.
/Mark

Greelan (Hero Member), Reply #3, June 25, 2022, 10:35:43 am
Maybe you need this floating rule:
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html#step-9-configure-routing

MarkH42 (Newbie), Reply #4, June 25, 2022, 11:20:54 am
I have attached my floating rules. The first 2 were an attempt to make rules to route the firewall traffic over the VPN but they do not work right.
The last 2 rules are for the road warrior VPN network. The first routes internet traffic to the gateway group and works. The last was an attempt to route traffic to the LAN but that doesn't work right either.
The rest are the rules needed to make Wireguard work right.