!help! OPNSense configuration with OpenVPN and DD-WRT Netgear X6

Started by OPNnewb, April 22, 2017, 01:58:23 AM

Hello!

I'm new to the forums, and new to hardware firewalls and routing in general, and I need some serious help figuring out how to configure my equipment.

My desired network setup is this:
Cable Modem -> OPNSense (all traffic via OpenVPN to a private provider) -> Netgear X6 -> Clients (wireless & wired)

I've attempted to follow these tutorials to get this to work:
https://forum.opnsense.org/index.php?topic=4979.0
https://wretmo.se/2016/01/24/how-to-setup-openvpn-client-on-opnsense/
https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense

The issue I'm currently having, after following the tutorials, is that even though I see the VPN status is connected, none of my traffic is going over the VPN.  Worse yet, no clients behind the router have an internet connection at all.  When plugged directly into the OPNSense router, I have internet, but no traffic goes over VPN, verified via IPlocation.net.

I'm currently running DD-WRT on my Netgear X6.

Can anyone walk me through the configuration for OPNSense and DD-WRT to get this to work?  I've been trying to figure this out for about 6 hours at this point  :-[


Also, I got the machine this morning from my friendly local parts graveyard, with a gigabit server NIC, and installed OPNSense.  Everything was verified working by the recycling center before purchase.
Specs: i5-2400 3.1GHz quad core, 4GB RAM, dual-port gigabit Intel server NIC, PCIe x4

It sounds like you may be double NAT'd.  How is the X6 Configured?

Quote from: dpbklyn on April 22, 2017, 02:15:35 AM
It sounds like you may be double NAT'd.  How is the X6 Configured?

I've tried gateway and router, DHCP disabled with static IP for the PC I'm using to interface with it.  The router and OPNSense are on the same subnet.  Gateway is set to the OPNSense router.

Should I attempt to disable NAT on the X6?

Did I answer your question, or do you need any other info?

I am also a newbie... If I were you, for testing purposes, just connect through a simple switch connected to the OPNSense box.

I would disable EVERYTHING on the X6 and just use it as an AP.


Quote from: dpbklyn on April 22, 2017, 02:35:39 AM
I am also a newbie... If I were you, for testing purposes, just connect through a simple switch connected to the OPNSense box.

I would disable EVERYTHING on the X6 and just use it as an AP.

I don't have a switch handy, but I am connected directly to the OPNSense box since I have 3 LAN ports to work with.  The OPNSense box is currently connected to the modem, router, and my PC.  I've disabled everything I can, "router" mode disables NAT as well.

I just re-read your original post.  It looks like you are having two separate problems.

1. You can't VPN.
     a. What are you trying to VPN to?
     b. When you try to connect to the VPN are you outside of your network?

2. You can't connect when you are behind the router.
     a. Why are you wanting to use a router behind a router?
If this is for WiFi access, then you should shut down EVERYTHING except the WiFi.  Have the X6 pick up its address via DHCP from the OPNSense and have the clients also use the OPNSense as the DHCP server.  I bet there is SOME programming on the X6 that is getting in the way of the OPNSense.


Try taking it a step at a time and build on success.

Take the Netgear offline. Turn OpenVPN off. Get OpnSense working for internet access, with your firewall and security measures in place.

Then get OpenVPN working to your provider.

Then add the Netgear in as an access point/switch. It should not be providing any DHCP, but getting its IP from the OpnSense box. Ideally you have a switch that you can plug the LAN from OpnSense into, then other PCs and Netgear into the switch.  Remember to use a LAN port on the Netgear and not the WAN port. If you can, assign the WAN port to the LAN on the Netgear to get 1 more port on the Netgear LAN switch.

The suggestion above is a good one - shut the complexity down and let the OPnSense box serve DHCP for your network.
overkill: Dell SFF i5, 16gb, 120gb SSD, 4x gb NICs
OPNsense 21.1.x
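
A sanity check for the layouts discussed in this thread (access point, double NAT, router on the same subnet as the firewall), as an added example that is not from any poster or from the OPNsense or DD-WRT projects. It goes beyond the thread by also flagging the routed-without-NAT case; the `Downstream` fields, finding names and sample addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Downstream:
    """Settings of the second router (constructed model; field names are hypothetical)."""
    uplink_port: str          # "lan" or "wan": which of its ports is cabled to the firewall
    lan_ip: str               # address/prefix on its LAN side, e.g. "192.168.1.2/24"
    wan_ip: Optional[str]     # address/prefix on its WAN port, None when WAN is unused
    nat_enabled: bool
    dhcp_server_enabled: bool

def classify(firewall_lan: str, dev: Downstream) -> List[str]:
    """Return findings for a device placed behind the firewall's LAN interface."""
    fw = ipaddress.ip_interface(firewall_lan)
    lan = ipaddress.ip_interface(dev.lan_ip)
    findings = []
    if dev.uplink_port == "lan":
        # Bridged: the device is a switch/AP inside the firewall's broadcast domain.
        if lan.network != fw.network:
            findings.append("ap-address-outside-firewall-subnet")
        elif lan.ip == fw.ip:
            findings.append("ip-conflict-with-firewall")
        if dev.dhcp_server_enabled:
            findings.append("second-dhcp-server-on-lan")
    else:
        # Routed: traffic crosses from the device's LAN to its WAN port.
        wan = ipaddress.ip_interface(dev.wan_ip)
        if wan.network.overlaps(lan.network):
            # Same subnet on both sides: the device cannot decide where to route.
            findings.append("wan-and-lan-in-same-subnet")
        elif dev.nat_enabled:
            findings.append("double-nat")
        else:
            # No NAT: the firewall needs a route (and outbound NAT) for the inner subnet.
            findings.append("routed-needs-static-route-on-firewall")
    return findings or ["access-point-ok"]

# Constructed sample configurations (addresses are illustrative, not from the thread).
FIREWALL_LAN = "192.168.1.1/24"
AS_ACCESS_POINT = Downstream("lan", "192.168.1.2/24", None, False, False)
SAME_SUBNET_ROUTER = Downstream("wan", "192.168.1.2/24", "192.168.1.3/24", False, False)
DOUBLE_NAT = Downstream("wan", "10.0.0.1/24", "192.168.1.3/24", True, True)

if __name__ == "__main__":
    for name, dev in [("AP", AS_ACCESS_POINT), ("same subnet", SAME_SUBNET_ROUTER),
                      ("double NAT", DOUBLE_NAT)]:
        print(name, classify(FIREWALL_LAN, dev))
```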