Topic: VPN with WAN fallback (Read 885 times)
Andreas.Wien (Newbie, Posts: 17, Karma: 2)
VPN with WAN fallback « on: November 29, 2022, 07:26:49 pm »
The use cases I find here force traffic through a VPN and block unencrypted WAN traffic.
I intend to implement a different policy: primarily I want to use the VPN, and only as a failover the traffic can use plain WAN.

- the two System.Gateways.Single gateways are dpinger monitored and online
- I guess I have to combine the two gateways in a System.Gateways.Group
- I've also created a Firewall.Aliases list that defines all LAN sources that should follow this policy
- a Firewall.Rules.LAN rule passes all such aliased traffic to that Gateway-Group
- Firewall.NAT.Outbound rules run hybrid with some manually added ones, see below
- System.Settings.General.Gateway switching [X] checked
- Firewall.Settings.Advanced.Skip rules [_] unchecked
- Firewall.Settings.Advanced.Sticky connections [_] unchecked

However: Tier1 (VPN) does not have priority, traffic is routed unencrypted out the WAN, even if WAN is set to never in the group.
According to the Firewall.Log Files.Live View, the "(alias)-Traffic goes through VPN" rule is applied to pass the traffic.

Help's appreciated! What am I missing here?
« Last Edit: November 30, 2022, 01:21:35 am by Andreas.Wien »

Andreas.Wien (Newbie, Posts: 17, Karma: 2)
Re: VPN with WAN fallback « Reply #1 on: November 30, 2022, 01:20:49 am »
I don't understand in which order the various mechanisms, even if they work as I believe, decide to which gateway the packet is routed:

- policy route @ Firewall.Rules.LAN?
- are routes dynamically added when an interface goes down?
- Tier# @ System.Gateways.Group?
- Priority @ System.Gateways.Single?
- Weight @ System.Gateways.Single?

And what are the correct settings for a WAN and VPN gateway exactly?

- Upstream Gateway [_|X]?
- Far Gateway [_|X]?

I assume that, if I punch no holes, i.e. allow rules @ Firewall.Rules.OpenVPN, I'm safe from attacks that originate in the VPN network?

Andreas.Wien (Newbie, Posts: 17, Karma: 2)
Re: VPN with WAN fallback « Reply #2 on: December 02, 2022, 05:34:11 pm »
works4me since the update to Version 22.7.9 ✓