OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • OpenVPNclient_and_Gateway_mixed_access_same_interface
« previous next »
  • Print
Pages: [1]

Author Topic: OpenVPNclient_and_Gateway_mixed_access_same_interface  (Read 586 times)

eliYAHU

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
OpenVPNclient_and_Gateway_mixed_access_same_interface
« on: August 30, 2022, 08:50:54 pm »
Hi, my understanding is that to set up an openvpn client for an interface one of the steps would be to force a manual outbound nat through that vpn client for the whole interface having nat outbound in hybrid (or manual) mode.

I wonder, would it be possible to do (hybrid) outbound nat through the vpn client for the rules that are using that vpn client as gateway but allow standard outbound nat traffic for the ones that are using the main gateway group for that interface?

Basically the traffic from almost all interfaces is going through the vpn client, but for the vlans that require media (netflix, primevideo, etc.) i would like to send all traffic trough the vpn client except for the traffic for those media providers.

I've tried using host aliases including every ip range for those domains, then having a general rule for the interface like:

IPv4 *    net_v035     *    ! net_INVERT_v035_group    *    SSVPNU_ICREI_VPNV4    *    allow v035 net to access INTERNET through SSVPNU_ICrei

but before that rule another one like:

IPv4 *    net_v035     *    host_HBOMAX    *    WAN_GATEWAY_GROUP_01    *    allow v035 net to access HBOMAX through WAN_GATEWAY_GROUP_01

Nevertheless it does not work, i believe because of the outbound rule:

SSVPNU_ICrei    v035 net    *    *    *    Interface address    *    NO    v035 manual NAT to SSVPNU_ICrei

I have configured 2 dns servers for the vpn client gateway and 2 dns servers for the main gateway.

Currently if i want an interface to access some of this services i have to change the access for the whole interface, because even when changing the vpn client country to mine the media providers that work don't offer the same content (copy-writes...).

Another question / problem that i am currently experiencing is that as i have only one vpn provider i can not set 2 different connections to the same provider because the virtual ip and virtual ip range that i get from the provider for the vpn client are the same (the provider allows me to make as many connections as needed). Is it possible to create and link an ip alias for them so they would be different ips and ranges in order to be able to connect to them both?



I hope my case is clearly exposed and has an easy solution that can many can apply. Thank you very much in advance for your help and may the Creator YHUH bless you all.
« Last Edit: August 30, 2022, 08:58:54 pm by eliYAHU »
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • OpenVPNclient_and_Gateway_mixed_access_same_interface
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2