Routing does not work as expected.

Started by Vexz, December 20, 2024, 08:50:15 AM

December 20, 2024, 08:50:15 AM Last Edit: December 20, 2024, 03:37:14 PM by Vexz
Now that OPNsense also supports Tailscale, I've been working on it.

My goal is to use my smartphone on the go as if I were in my home network. To do this, I set up OPNsense as an exit node on my smartphone.

So far, that works to some extent, but I have a special case that unfortunately doesn't work yet:
Devices in my home network that communicate with the internet do so via a VPN gateway. To make this happen, I created a firewall rule for my LAN network that routes traffic accordingly through this gateway.

These are the rules on my LAN interface:


My idea was to achieve the same result for my smartphone by rebuilding the firewall rule in the same way on the Tailscale interface. However, there is a rule above it that allows network traffic into the LAN network via the default gateway. This allows me to access every device in my home network via my smartphone, and the traffic to the internet should be routed through the VPN gateway.

Here are the rules on my Tailscale interface:


Unfortunately, this didn't work in my test. When I check on my smartphone which public IP I have, it has the IP of the WAN interface of my OPNsense, and I don't understand why.

Can someone please tell me where the problem is here?

I think firewall rules are ignored. Until I find a solution, I'm just gonna use my NAS in my LAN as exit node. This way everything works. But still, I'd prefer to use my OPNsense as endpoint.

I have the same need/requirements, and I also couldn't find a solution. I will also keep using my server as the exit node until this functionality is added.

In case it's helpful, I set up tailscale using the new plugin with the following steps.

1. Install the plugin in OpnSense using System > Firmware > Plugins > os-tailscale.
2. Log in to Tailscale on another machine and generate an auth key. Enter that auth key in OpnSense using VPN > Tailscale > Authentication > Pre-authentication Key.
3. Enable Tailscale in OpnSense using VPN > Tailscale > Settings > Enable.
4. If desired, enable exit node in OpnSense using VPN > Tailscale > Settings > Advertise Exit Node.
5. If desired, enable subnet routing such as VPN > Tailscale > Settings > Advertised Routes > Add 192.168.1.0/24.