separate VLAN for VPN

Started by cbb09, September 12, 2018, 04:35:08 AM

Hello,

I have the following setup working quite well:

VLAN 10 traffic is using default gateway
VLAN 20 traffic is going over VPN gateway (OpenVPN client interface)

What doesn't appear to work is to have one VLAN20 traffic rule to ANY with VPN gateway. External traffic via the VPN interface works fine, but LAN traffic doesn't get through as soon as I use a non-default gateway.

So, right now I have two rules for VLAN 20:
1. from VLAN 20 to local subnets via default gateway
2. from VLAN 20 to ANY via VPN gateway

For all local traffic, the first rule applies, and for non-local traffic, rule 2 sends it out via the correct gateway.

Now, I don't understand why local traffic gets blocked if I just have a simple VLAN 20 to ANY rule with VPN gateway. Something must change if the gateway is not the default one.

Any thoughts?

Thanks!
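The behaviour described in the post (a single "VLAN 20 to ANY via VPN gateway" rule breaking local traffic, and a "local subnets via default gateway" rule placed first fixing it) comes down to first-match rule evaluation plus policy routing. The following is an added, stand-alone Python model written for this thread, not OPNsense code or a rule export from the poster's box; the subnet addresses, rule names and the assumption that traffic policy-routed into the VPN gateway cannot reach the local subnets are all constructed to mirror what the post reports.

```python
"""
Toy model of first-match firewall rule evaluation with a per-rule gateway
(policy routing), illustrating why rule order matters for local traffic.

Assumptions (constructed for this example, not taken from the thread's config):
  - VLAN 10 = 192.168.10.0/24, VLAN 20 = 192.168.20.0/24
  - a rule with gateway "VPN" pushes the packet into the VPN tunnel, so a
    local destination is not reachable along that path (what the post observed)
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

VLAN10 = ipaddress.ip_network("192.168.10.0/24")
VLAN20 = ipaddress.ip_network("192.168.20.0/24")
LOCAL_SUBNETS = [VLAN10, VLAN20]          # what "local subnets" means here


@dataclass
class Rule:
    name: str
    source: ipaddress.IPv4Network
    # empty list means destination ANY
    destinations: List[ipaddress.IPv4Network] = field(default_factory=list)
    gateway: str = "default"               # "default" or "VPN"

    def matches(self, src: ipaddress.IPv4Address, dst: ipaddress.IPv4Address) -> bool:
        if src not in self.source:
            return False
        if self.destinations and not any(dst in net for net in self.destinations):
            return False
        return True


def gateway_can_reach(gateway: str, dst: ipaddress.IPv4Address) -> bool:
    """Assumed reachability: the default gateway reaches everything it routes,
    the VPN tunnel reaches only non-local destinations."""
    if gateway == "VPN":
        return not any(dst in net for net in LOCAL_SUBNETS)
    return True


def evaluate(rules: List[Rule], src: str, dst: str) -> Tuple[Optional[str], str, bool]:
    """First-match evaluation. Returns (rule name, gateway, delivered).
    No matching rule means the packet is blocked (implicit deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(s, d):
            return rule.name, rule.gateway, gateway_can_reach(rule.gateway, d)
    return None, "blocked", False


# The single rule the poster tried first: everything from VLAN 20 via the VPN.
SINGLE_RULE = [Rule("vlan20-any-vpn", VLAN20, [], "VPN")]

# The working two-rule set: local subnets via default gateway first, then ANY via VPN.
TWO_RULES = [
    Rule("vlan20-local-default", VLAN20, LOCAL_SUBNETS, "default"),
    Rule("vlan20-any-vpn", VLAN20, [], "VPN"),
]

# Same two rules in the wrong order: the ANY rule swallows local traffic again.
WRONG_ORDER = list(reversed(TWO_RULES))


if __name__ == "__main__":
    client, local_host, internet_host = "192.168.20.5", "192.168.10.7", "203.0.113.10"
    for label, rules in (("single rule", SINGLE_RULE), ("two rules", TWO_RULES), ("wrong order", WRONG_ORDER)):
        for dst in (local_host, internet_host):
            print(label, client, "->", dst, evaluate(rules, client, dst))
```

Run it as a script to see each case; with the single rule, the local destination matches the ANY-via-VPN rule and is not delivered, while with the two-rule set in the order the poster uses, local traffic hits the default-gateway rule and internet traffic still goes out over the VPN.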

As soon as a second gateway comes into play you have to check the firewall logs on all gateways since the traffic flows not only in one direction.

thanks - I will have a look at the logs...