Use a second gateway for P2P traffic.

[TheCodeGeek]

Hi folks,

I have a VPN service configured in OPNsense 19.7.4 and I want to use it exclusively for P2P traffic. I have an alias configured for the ports that I want to filter by. I want to block these ports from accessing my default gateway and force them to my second gateway. I want to force all other traffic to use the default gateway. I have been looking through the documentation, but the process to do this is unclear to me. Can anyone help?

Note: Currently, when the VPN is on, all traffic gets blocked (or is passed to the VPN and it's not working). The only way to gain access to the internet is to turn off the VPN. It would seem that OPNsense is trying to pass all traffic through the VPN, but I can't seem to figure out how to fix this. I also can't seem to figure out if I should place the rules in Floating, WAN or LAN.

[mimugmail]

Which guide did you follow for setup?

[TheCodeGeek]

I've followed various guides. But there are a number of things I don't understand. Like do I put all of the rules in the same part of the firewall? Should I use source or destination? Do I use floating or LAN or WAN? There seem to be too many variables.

If you meant with the VPN, I acted according to the following directions modifying the details for the provider: http://chronicgeekage.blogspot.com/2019/02/opnsense-and-pia-private-internet-access.html

[TheCodeGeek]

I try to create rules, but it seems that the rules aren't being used. When I place a rule in Floating if I set the rule to be both in and out, on any interface, on any network, with the source and destination ports set to my port range... It seems to do nothing.

[mimugmail]

Always use interface where traffic arrives first inbound. Check multi wan howto on OPNsense docs to learn how it works

[TheCodeGeek]

So... WAN [IN]? I will give that a try.

[TheCodeGeek]

Okay, so I gave that a try... It is still allowing the traffic to come through.

[mimugmail]

Can you check the live log? Then you will see what exactly is blocked.

[TheCodeGeek]

I'm relatively new to OPNsense. Could you please tell me how to do that?

[mimugmail]

Menu : Firewall : Log : Live Log/View

There you see which packets are blocked or allowed.

[TheCodeGeek]

I don't know what I'm looking for. Can someone please help?

[roadrage999]

Geek,

Read the following forum post front to back:

https://forum.opnsense.org/index.php?PHPSESSID=0fqidujgkp5roffgihk8svs0l5&topic=4979.msg19771#msg19771

This will walk you through every aspect of the setup and even has spots where others got stuck and solutions to push through.  Read the firewall rules at least 3x before going and attempting to set those up.

Check, Double Check , then Triple check the post and your setup to make sure everything is in line as the initial setup may get you most of the way there and then another user post will get you home. 

If your VPN client is online then its just a matter of ensuring your rules are correct and assigned to the proper interfaces.

[TheCodeGeek]

Thank you!