Kicking out Unifi

Started by Kieeps, September 05, 2020, 09:26:23 AM

So I've been running Unifi in my house for a while; I had a USG4P, a Unifi layer 2 switch and 2 APs.
But lately I've felt as if I've outgrown the system and wanted to start a new project and replace my entire network with anything BUT Unifi.
The reasoning behind this is that I want to learn, and with Unifi holding my hand whenever I want to do any configuration I won't learn anything.

So the current setup is:
Dell R220 running OPNsense
2x Aruba S2500 layer 3 switches
The 2 Unifi APs I mentioned (yes, I have a new Aruba AP 505 flying in from the internetz to replace them)

The main reason I got fed up with Unifi is the poor support for VPN and routing, but the move to OPNsense has been a bit more of a challenge than expected. Not that it can't do anything I will ever want it to do; it's just very apparent how spoiled I've been with the automagic world of Unifi.

But on to the reason for this post: I've had a hard time wrapping my head around WireGuard.
I have set up a site-to-site WireGuard tunnel to an off-site server I use for backup and other stuff. I used a guide, so it was pretty straightforward, BUT... the thing with "Allowed IPs" messes with my mind... the guides I read said to put 0.0.0.0/0 as the allowed IP, and that routes ALL traffic through the tunnel; I don't want that.
I changed Allowed IPs to the tunnel IP and that gave me access to the off-site server but didn't route all traffic through... great!

Now to the next VPN: I have a MullvadVPN account that I want to use to connect to a Norwegian server and have vlan11 route through that VPN, so that I can make a Norwegian SSID so that my Norwegian GF can use her Norwegian apps.
This is where I run into the same problem again; once again the config from Mullvad wants me to set 0.0.0.0 as Allowed IPs, but that will route ALL traffic through the VPN.
I tried to add 192.168.11.1/24 (vlan11) as the Allowed IP, but for some reason it isn't recognized as a valid config, so the wg1 interface won't appear.

When I couldn't figure out how to fix that I jumped on my other VPN project, simply to have a WireGuard server for my phone/laptop to connect to. This was basically as straightforward as the site-to-site, but yet AGAIN I ran into the same problem as before: I can't figure out what to add to the allowed IPs to NOT route my entire network through the VPN.

I've read through some "WireGuard explained/for noobs" guides but can't seem to figure this out... the WireGuard tunnels seem to work with 0.0.0.0 but bring down my entire network in the process :(

Anyone who could explain this to me?

Quick update... The WireGuard site-to-site stopped working and I have no idea why :-D
I've reset basically everything and am starting over :-)
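The "Allowed IPs" confusion above comes down to WireGuard treating that field as a cryptokey routing table: each entry must be a network address, outbound packets go to the peer with the longest matching prefix (so 0.0.0.0/0 claims everything no narrower entry does), and inbound packets are dropped unless their source is inside the peer's AllowedIPs. The following is an added example, not code from this thread or from WireGuard/OPNsense; the peer names ("offsite", "mullvad"), the tunnel address 10.0.0.2/32, the routing table number 51820 and the wg-quick lines are assumptions for illustration. It also shows why an entry like 192.168.11.1/24 is rejected (host bits set; the network is 192.168.11.0/24) and how, on a Linux wg-quick host, you keep AllowedIPs = 0.0.0.0/0 for the provider peer while sending only one LAN through the tunnel by disabling route installation (Table = off) and adding a source-based policy rule.

```python
"""WireGuard AllowedIPs modelled as a cryptokey routing table.

Added example; not code from the thread. Peer names, addresses, packets and
the wg-quick values below are constructed for illustration.
"""
import ipaddress
from typing import Dict, List, Optional


def parse_allowed_ips(entries: List[str]) -> list:
    """Parse AllowedIPs the way wg(8) does: every entry must be a network
    address. '192.168.11.1/24' has host bits set and is rejected (so an
    interface configured with it never comes up); '192.168.11.0/24' is
    the network that was meant."""
    nets = []
    for entry in entries:
        try:
            nets.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            meant = ipaddress.ip_network(entry, strict=False)
            raise ValueError(f"{entry!r} has host bits set; use {meant}") from None
    return nets


class CryptokeyTable:
    """The two jobs AllowedIPs does for one WireGuard interface."""

    def __init__(self) -> None:
        self.peers: Dict[str, list] = {}

    def add_peer(self, name: str, allowed_ips: List[str]) -> None:
        self.peers[name] = parse_allowed_ips(allowed_ips)

    def peer_for_destination(self, dst: str) -> Optional[str]:
        """Outbound: longest-prefix match across all peers. 0.0.0.0/0
        matches every destination, so it claims whatever no narrower
        entry does. None means 'not for this interface at all'."""
        addr = ipaddress.ip_address(dst)
        best, best_len = None, -1
        for name, nets in self.peers.items():
            for net in nets:
                if addr in net and net.prefixlen > best_len:
                    best, best_len = name, net.prefixlen
        return best

    def accept_inbound(self, peer: str, src: str) -> bool:
        """Inbound: a packet that decrypts under `peer` is dropped unless
        its source lies inside that peer's AllowedIPs (anti-spoofing)."""
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.peers.get(peer, []))


def wg_quick_policy_routing(lan_net: str, table: int = 51820) -> List[str]:
    """Linux wg-quick [Interface] lines (hypothetical values) that keep the
    peer's AllowedIPs = 0.0.0.0/0 but stop wg-quick from installing a
    default route for the whole box: Table = off, then a separate routing
    table that only traffic sourced from `lan_net` is steered into."""
    net = ipaddress.ip_network(lan_net, strict=True)
    return [
        "[Interface]",
        "Table = off",
        f"PostUp = ip route add default dev %i table {table}",
        f"PostUp = ip rule add from {net} lookup {table}",
        f"PostDown = ip rule del from {net} lookup {table}",
        f"PostDown = ip route del default dev %i table {table}",
    ]


def demo() -> Dict[str, Optional[str]]:
    """Site-to-site peer listing only its tunnel address, plus a
    Mullvad-style peer with 0.0.0.0/0: the /32 still wins for the
    off-site host and the catch-all takes everything else. Once wg-quick
    turns those entries into routes, that catch-all is the 'whole
    network goes down the VPN' effect."""
    table = CryptokeyTable()
    table.add_peer("offsite", ["10.0.0.2/32"])
    table.add_peer("mullvad", ["0.0.0.0/0"])
    return {
        "10.0.0.2": table.peer_for_destination("10.0.0.2"),
        "1.1.1.1": table.peer_for_destination("1.1.1.1"),
    }


if __name__ == "__main__":
    print(demo())
    for line in wg_quick_policy_routing("192.168.11.0/24"):
        print(line)
    try:
        parse_allowed_ips(["192.168.11.1/24"])
    except ValueError as err:
        print("rejected:", err)
```

With only the site-to-site peer configured, `peer_for_destination("1.1.1.1")` returns None, which is the "access to the off-site server but nothing else routed" behaviour from the post. The `Table = off` plus `ip rule` recipe is the Linux shape of what the reply below describes for OPNsense: leave the provider peer at 0.0.0.0/0, do not let the tunnel become the default route for everything, and select the vlan11 traffic by source with a policy rule (on OPNsense, a firewall rule on the vlan11 interface with the tunnel gateway set).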

Set the gateway (the remote IP in your tunnel network, so the Norwegian site) in the rule for the devices you want to route over the VPN.
(Unofficial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support