Topic: Subnets and Messy Rules
Author: eptesicus (Newbie, Posts: 20, Karma: 1)
Posted on: January 28, 2019, 03:57:00 pm
I'm trying to go from a flat /20 network to subnets. I'm working on dividing my network up as below:
LAN - Currently contains most of the network at this time. Trying to move everything to VLANs/subnets
VLAN10_MGMT - Management network for DCs, DNS, ESXi hosts/vCenter, OoB management/console access, backups (may move to own subnet), monitoring servers/applications, etc. (Should be isolated, but also have access to everything?)
VLAN20_Storage - Network for NASes with media and the SAN for VM storage. (Permit SAN for ESXi storage)
VLAN50_Users - My desktop, phone, laptop, etc. (Want access somehow to the management network, or everything... Not sure yet.)
VLAN70_DL - Download/torrent servers and DL automation services. (Want to view the web UIs from my Users and MGMT networks. Need to allow to read/write to the NAS on my storage network)
VLAN80_Web - Nginx reverse proxy servers, and any web-facing servers. (Only open ports to necessary services)
VLAN90_RA - Remote access - Squid proxy, VPN access to home network, RDP jumpboxes w/ Duo, ssh jumpboxes w/ Duo.
VLAN100_Guest - Guest wifi (Should be isolated completely with the exception of Plex and my other web services)
VLAN110_Wife - Wife's desktop, phone, tablet, etc. (Should be isolated completely with the exception of Plex and my other web services)
VLAN120_IOT - Internet of things... TV, Nvidia Shield... (Should be isolated completely with the exception of Plex and pi-hole DNS)
Right now, I have a PIA VPN on the firewall routing traffic to Toronto. When this was on, the guest wifi, Wife and IoT VLANs wouldn't get access to the internet. I had to set their gateways to the WAN to fix that.
The problem right now is that when I enable the VPN, the LAN doesn't have access to the internet. Traffic should NOT be routing over that VPN, but something's happening where it's trying to, but is failing. I want it to go over the WAN, but for the time being, I don't want to set the WAN as a gateway, because then I can't access any of the other subnets.
Aside from starting my lab/home network from scratch, how do I make this all possible?
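As an added illustration (not from the original post and not OPNsense's own code), this constructed Python model of first-match rule evaluation with a per-rule gateway shows why a catch-all rule that forces a gateway also captures traffic bound for the other VLANs, and why a rule for local subnets with no gateway has to sit above it. The LAN range and host addresses are assumed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed model of first-match ("quick") rule evaluation with a per-rule
# gateway, the behaviour OPNsense policy routing relies on. Not OPNsense code.
Net = ipaddress.IPv4Network
ANY = [ipaddress.ip_network("0.0.0.0/0")]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LAN = ipaddress.ip_network("192.168.0.0/20")       # assumed LAN range (constructed)

@dataclass
class Rule:
    name: str
    src: Net
    dsts: List[Net]            # destination networks; any match counts
    gateway: Optional[str]     # None = use the system routing table (default)

def evaluate(rules: List[Rule], src_ip: str, dst_ip: str) -> Tuple[str, Optional[str]]:
    """First matching pass rule wins; return (rule name, gateway it forces)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in r.src and any(d in n for n in r.dsts):
            return r.name, r.gateway
    return "default deny", None

# Broken ordering: the catch-all rule with a gateway also grabs traffic for
# the other VLANs, so it is pushed to that gateway instead of routed locally.
RULES_BROKEN = [
    Rule("LAN to any via gateway", LAN, ANY, "WAN_GW"),
    Rule("LAN to local subnets", LAN, RFC1918, None),   # never reached
]

# Fixed ordering: local destinations first with no gateway, then the catch-all.
RULES_FIXED = [
    Rule("LAN to local subnets", LAN, RFC1918, None),
    Rule("LAN to internet via gateway", LAN, ANY, "WAN_GW"),
]

def gateway_for(rules: List[Rule], src_ip: str, dst_ip: str) -> Optional[str]:
    return evaluate(rules, src_ip, dst_ip)[1]

if __name__ == "__main__":
    for label, rules in (("broken", RULES_BROKEN), ("fixed", RULES_FIXED)):
        for dst in ("192.168.20.10", "1.1.1.1"):   # storage VLAN host, internet host (constructed)
            print(label, dst, evaluate(rules, "192.168.1.50", dst))
```

The same ordering applies whichever gateway the catch-all uses (WAN or the VPN): whatever must stay inside the house needs its own no-gateway rule above it.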