Topic: Excluding specific LAN IP's from using NordVPN (OpenVPN) as their WAN IP. (Read 4156 times)
fbeye (Reply #15 on: July 08, 2023, 06:06:49 pm)
Morning..
Ok, two questions... You mention delete rules #7, I do not see 7
You mention delete out gateways..... I can easily do so, but maybe my NAT is wrong but, if I remove them, all those IPs have x.x.x.182 "whats my ip" but they are supposed to have their own. I.e. 192.168.5.178 should also have WAN x.x.x.178; without the out rule, it does not. Maybe my NAT is wrong?
vpx23 (Reply #16 on: July 08, 2023, 06:57:02 pm)
Rule #7 was the LAN net to LAN net, maybe you already deleted it?
https://whatsmyip.com shows your private address?
Please show a screenshot of both https://whatsmyip.com and https://ipchicken.com
fbeye (Reply #17 on: July 08, 2023, 08:02:44 pm)
So, I made a WITH_Out_rule and a WITHOUT_Out_Rule.. You can see, without my [wrongly made?] rule, my whatsmyip does not align with the said IP. I.E 192.168.5.180 should also be x.x.x.180, but when rule disabled, it uses default WAN IP. In this case, it is on the VPN.
Also, for me, the significance of my OUT NEEDING to be correct is, my email server won't outbound.
« Last Edit: July 08, 2023, 08:04:31 pm by fbeye »
vpx23 (Reply #18 on: July 08, 2023, 09:24:41 pm)
After reading your very first thread about the Cisco FPR1010 I understand that you actually got a /29 subnet from your ISP with 8 addresses (1x network address, 1x broadcast address, 6x usable addresses).
x.x.x.176 network address
x.x.x.177 server #1 (Virtual IP bound to WAN) - 1:1 NAT to 192.168.5.177
x.x.x.178 server #2 (Virtual IP bound to WAN) - 1:1 NAT to 192.168.5.178
x.x.x.179 server #3 (Virtual IP bound to WAN) - 1:1 NAT to 192.168.5.179
x.x.x.180 server #4 (Virtual IP bound to WAN) - 1:1 NAT to 192.168.5.180
x.x.x.181 server #5 (Virtual IP bound to WAN) - 1:1 NAT to 192.168.5.181
x.x.x.182 is your public WAN IP for all clients
x.x.x.183 broadcast address
y.y.y.27 Gateway to ISP
It was just very confusing because it looked like you used your private addresses as gateway when you just used the same number for the last octet of both public and private IP.
I'm not sure if the Virtual IPs themselves can be set as a gateway.
Please show us the Virtual IP settings for e.g. x.x.x.180 for better understanding.
fbeye (Reply #19 on: July 08, 2023, 09:36:30 pm)
The CiscoFPR was just something I was using and wanted to know if it could be ...flashed.. to install OPNsense, I am not using it at all. But yeah..
vpx23 (Reply #20 on: July 08, 2023, 09:58:16 pm)
So what is the problem now, only the one GF laptop getting VPN address instead of WAN address or something else?
fbeye (Reply #21 on: July 08, 2023, 10:05:17 pm)
Well, aside from it being "messy" I.E not being organized with aliases etc, does it all look legit?
Is me using the LAN w/ _OUT Gateways the right way, or should that be under outbound:nat?
Yeah, her laptop kept saying she was on a VPN even though her IP was added to the "bypass" list. Have not tried it since, maybe it was a glitch. My 2 TVs are bypassing correctly.
vpx23 (Reply #22 on: July 08, 2023, 10:29:37 pm)
If it's all working I don't see a problem. As you use 1:1 NAT, outbound NAT configuration is not needed, as also described here:
https://docs.netgate.com/pfsense/en/latest/nat/1-1.html
fbeye (Reply #23 on: July 08, 2023, 10:36:24 pm)
I guess what sticks in my mind is, if I have 1:1 NAT, x.x.x.180 to 192.168.5.180, shouldn't outbound automatically go to its NAT'd IP or is it normal for it [LAN IP] to default to default WAN Gateway [x.x.x.182]. I guess, I would assume that without any LAN rule, LAN IP should default in and out as its NAT'd IP. But maybe in real world, outgoing is irrelevant [generally speaking, unless let's say an email server] so it does not matter what outgoing is, as most things are coming IN, which 1:1 NAT works correctly.
vpx23 (Reply #24 on: July 08, 2023, 11:03:24 pm)
I'm not very experienced with Virtual IPs but I guess when the packet is sent out the fw looks up which interface the Virtual IP is bound to and then sends out the packet over this interface. Due to the 1:1 NAT rule it should change the source address to the right one.
Just test it on one of your servers, go to https://whatsmyip.com then change the gateway in the LAN rule to any and see if the IP changes.
fbeye (Reply #25 on: July 08, 2023, 11:38:54 pm)
Yes, so 192.168.5.180 (Has NAT 1:1 w/ x.x.x.180) will indeed whatsmyip with x.x.x.178, x.x.x.179 if I set the LAN "out" to them and withOUT any LAN rule will either be x.x.x.182 if VPN is off, or 45.86.210.117 if using VPN. So I think what you say makes sense.
Unless defined, any outgoing resolves to default WAN Interface IP (of the FW?) or whatever VPN said FW/WAN Interface IP is.
So I suppose until otherwise informed.
1. I have my NAT or whatever wrong, and it SHOULD go out the same IP as is designated in without a LAN rule.
2. It is correct that outgoing will always be, unless defined, the default WAN/Interface IP and so my LAN OUT rules are correct.
3. My stuff works correctly, meaning outgoing does need to be defined, but I am doing it wrong regardless.
« Last Edit: July 08, 2023, 11:41:08 pm by fbeye »
vpx23 (Reply #26 on: July 09, 2023, 08:27:38 am)
Is "Upstream Gateway" checked in NORDVPN_VPNV4? If yes then uncheck it and test again.
fbeye (Reply #27 on: July 09, 2023, 04:53:22 pm)
Interesting, it was not checked.
So I was looking into what we spoke about earlier, having multiple VPN Connections. Would I need to create multiple Interfaces for each VPN (1 states, 1 europe) or just multiple Clients under VPN:OPENVPN:CLIENTS... And then would I do multiple under the MAIN existing client one or have separate clients?
For fun, ALL I did was under clients, create a NEW one, but nowhere can I find out how to select that one, which leads me to believe I would need an Interface for EACH client.
« Last Edit: July 09, 2023, 05:52:08 pm by fbeye »