Issue routing WIFI traffic

Started by TomT, April 19, 2021, 03:51:44 PM

Hi,
My opnsense has:

LAN: 192.168.1.1 /24
OPT1WIFI: 10.10.10.1 /24

Devices connecting via Wifi get a DHCP IP address in the 10.10.10.x range and I have a rule on OPT1WIFI that routes all traffic out via my Wireguard PIA VPN. That seems to work fine.

But I'm having an issue allowing a Wifi device access to the LAN: the traffic is sent out via the PIA gateway, not to the local device.

These are the rules I have configured on OPT1WIFI.

  • Block IPv6 mDNS
  • Stop wireless clients getting to OPT2
  • Any wifi client can access the LAN printer
  • Specific wireless devices don't use the VPN
  • Block anything that isn't in the AllowedList from the LAN
  • Set the default gateway.

These rules are copied from a working pfSense, which I'm trying to move away from.

The wireless devices I've tried are in the AllowedList, but a traceroute from them shows the traffic is being sent via the WAN_PIAWG gateway, not to the local LAN device.

How do I only allow the 'AllowedList' access to the LAN?

What I'm trying to achieve is set all wifi devices to use the VPN, except a chosen few.

Thanks

Anyone any ideas on this?

Thanks

Quote from: TomT on April 19, 2021, 10:01:14 PM
Anyone any ideas on this?

Make rule 5 a "pass" rule and do not negate "AllowedList".

Otherwise all clients in "AllowedList" will run into rule 6 and get WAN_PIAGW_IPv4 as gateway for all outbound traffic, which by your description seems to be what is actually happening :)
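To show why the negated block rule lets AllowedList clients fall through to the gateway rule, here is a first-match simulation of rules 5 and 6 (added example, not OPNsense code). The LAN network and the WAN_PIAWG gateway name come from the thread; the AllowedList member and the client addresses are constructed for illustration.

```python
"""First-match simulation of OPT1WIFI rules 5 and 6 (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional, Set, Tuple

LAN_NET = ip_network("192.168.1.0/24")       # LAN from the thread
ALLOWED_LIST = {ip_address("10.10.10.50")}   # constructed alias member
VPN_GW = "WAN_PIAWG"                         # gateway name from the thread


@dataclass
class Rule:
    name: str
    action: str                              # "pass" or "block"
    src: Optional[Set[IPv4Address]] = None   # None = any source
    src_negate: bool = False                 # the "invert" box on source
    dst: Optional[IPv4Network] = None        # None = any destination
    gateway: Optional[str] = None            # None = system routing table

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        src_ok = True if self.src is None else (src in self.src) != self.src_negate
        dst_ok = True if self.dst is None else dst in self.dst
        return src_ok and dst_ok


def evaluate(rules, src, dst) -> Tuple[str, Optional[str]]:
    """Return (action, gateway) of the first matching rule; default deny."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.action, rule.gateway
    return "block", None


# Rule 5 as posted: block sources NOT in AllowedList going to the LAN.
# AllowedList members never match it, so they reach rule 6 and get the VPN.
ORIGINAL = [
    Rule("5 block !AllowedList -> LAN", "block", ALLOWED_LIST, True, LAN_NET),
    Rule("6 default gateway", "pass", gateway=VPN_GW),
]
# Rule 5 as suggested: pass AllowedList -> LAN with no gateway set, so the
# packet follows the routing table straight to the LAN host.
FIXED = [
    Rule("5 pass AllowedList -> LAN", "pass", ALLOWED_LIST, False, LAN_NET),
    Rule("6 default gateway", "pass", gateway=VPN_GW),
]


def route_for(rules, src: str, dst: str) -> Tuple[str, Optional[str]]:
    return evaluate(rules, ip_address(src), ip_address(dst))
```

A gateway of None means the packet is routed by the system table (local LAN), while WAN_PIAWG means it is policy-routed into the VPN tunnel.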


Thanks for the help.
All working now :)