Topic: Issues trying to route traffic over a VPN connection (Read 2955 times)
wooki3 (Newbie, Posts: 2, Karma: 0)
Issues trying to route traffic over a VPN connection « on: October 19, 2020, 02:13:30 am »
Hi all, first-time poster here, so sorry if this is in the wrong spot.

I was hoping that someone might be able to help me out or point me in the right direction with trying to route/port forward traffic over a VPN connection. I am wanting to switch ISPs for a better deal, but the new ISP does not support port forwarding, which I have to have. My thought is to rent a VPS, install an OpenVPN server, and route my traffic over the VPN to port forward from that side of things. I have gotten to the point where OPNsense is connected to the VPN and I am able to load the OPNsense login page on the server, so the connection is good.

This is where I am getting stuck. I have tried following just about every guide I can find, but nothing seems to route either all traffic over the VPN connection or at least the traffic from the 2 clients that I need to forward from. Would someone be able to maybe point me in the direction of what my next step should be from this point?

I have already created an interface and gateway with the VPN client connection. I also tried following another guide that had me create aliases for the IPs I wanted to forward from, and that was at least able to get me to where the device can ping the gateway for the VPN, but I'm still not able to load any websites hosted on the device from the other side of the VPN. I also created a pass rule to allow traffic from LAN into the VPN network.

Also, here is a small diagram of the layout:
SERVER(10.10.10.220)--->Switch--->OPNsense(10.10.10.1/24 and 10.8.0.2)--->WAN/OpenVPN--->OpenVPN Server(10.8.0.1)

Thanks!
Gauss23 (Hero Member, Posts: 766, Karma: 39)
Re: Issues trying to route traffic over a VPN connection « Reply #1 on: October 19, 2020, 09:31:38 am »
What OS is running on that remote OpenVPN server?
I'd suggest installing another OPNsense on a VPS and using that for OpenVPN. It's not completely clear how this is done currently.
Because that is the spot where big parts of the magic will happen.
The remote OpenVPN server will have to port forward from its WAN IP to your internal server.
On the local OPNsense you need to allow that connection coming in on the OpenVPN interface.
For the OpenVPN connection you have to add the local network on the server side. The client should then load the routes it needs. You also have to add firewall rules on the OpenVPN interface to allow this traffic. Hint: don't add the rules on the interface you added, add them to the generic OpenVPN section, otherwise it won't work.
Afterwards, on the VPS (OPNsense), you add a port forward on the WAN interface to the internal IP and port of your server in the office.
Please create a graphical network plan and add screenshots of the VPN server config and VPN client config.
Also screenshots of the firewall rules on all interfaces which are involved.
« Last Edit: October 19, 2020, 09:44:50 am by Gauss23 »
„The S in IoT stands for Security!“
wooki3 (Newbie, Posts: 2, Karma: 0)
Re: Issues trying to route traffic over a VPN connection « Reply #2 on: October 20, 2020, 01:03:14 am »
Thanks Gauss. After reviewing, I found I was missing a few things from the VPN client config, and now the VPN server hosted at 104.237.XXX.XXX is able to forward the traffic from ports 80, 443, 32400 that are back on my home network/OPNsense. I guess at this point, is there a way to force all WAN traffic for a specific client through the VPN connection, specifically my Plex server (10.10.10.201)? It needs to register the correct WAN address. I won't bother posting the VPN server config as all seems to be good from that side, but it is running on Debian 9 and I just used PiVPN to set it up, if it matters. Here are a few screenshots of my OPNsense setup.
Client Connection Status
Interfaces
Rules that would need to go over VPN; these obviously need to be set to VPNNET vs WAN, and I have tested this and can access the services from VPN now. (Just need to get the Plex server to show the VPN server's WAN address.)
Rule on VPNNET
Current Plex IP and it showing running under the external
Gauss23 (Hero Member, Posts: 766, Karma: 39)
Re: Issues trying to route traffic over a VPN connection « Reply #3 on: October 20, 2020, 07:47:39 am »
Attached is a firewall rule for a guest network, forcing all clients on this interface to use another gateway.
You can adapt that rule to just use the host as source and only allow certain destination ports.
„The S in IoT stands for Security!“
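
The VPS-side port forward discussed in replies #1 and #2, sketched for the Debian VPS as an added example that is not part of the original thread. It forwards only ports 80, 443 and 32400 into the tunnel and drops every other WAN-to-tunnel flow. The interface names `eth0` and `tun0`, the mapping of 80/443 to 10.10.10.220 and 32400 to the Plex host 10.10.10.201, and the `IPT`/`APPLY` switches are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Run as root on the VPS.
# Assumptions: WAN is eth0, the tunnel is tun0, the FORWARD chain has no
# earlier rules, IP forwarding is enabled, and the VPS already routes
# 10.10.10.0/24 into the tunnel. The port-to-host mapping is also assumed.
WAN_IF="${WAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"
IPT="${IPT:-iptables}"    # set IPT=echo to print the rules instead of applying

# forward_port <tcp-port> <internal-ip>
# DNAT one port to the internal host and allow only that new flow to cross
# from the WAN interface into the tunnel.
forward_port() {
    port="$1"; dest="$2"
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$port" \
        -j DNAT --to-destination "$dest:$port" &&
    $IPT -A FORWARD -i "$WAN_IF" -o "$VPN_IF" -p tcp -d "$dest" \
        --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
}

# Order matters: accept replies for tracked connections, open the three
# forwarded ports, then drop anything else going from the WAN into the tunnel.
setup_forwards() {
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT &&
    forward_port 80 10.10.10.220 &&
    forward_port 443 10.10.10.220 &&
    forward_port 32400 10.10.10.201 &&
    $IPT -A FORWARD -i "$WAN_IF" -o "$VPN_IF" -j DROP
}

# Apply only when asked, e.g.: APPLY=1 sh vps-forward.sh
if [ "${APPLY:-0}" = 1 ]; then setup_forwards; fi
```

Sourcing the file with `IPT=echo` and calling `setup_forwards` prints the rules for review before anything is changed on the VPS.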