Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
How to set different routes based on vpn instance traffic is coming from ?
« previous
next »
Print
Pages: [
1
]
Author
Topic: How to set different routes based on vpn instance traffic is coming from ? (Read 636 times)
shade_ch
Newbie
Posts: 21
Karma: 0
How to set different routes based on vpn instance traffic is coming from ?
«
on:
September 18, 2023, 02:11:31 pm »
Hello,
Edit: everything's working fine now, I added the answer at the end of the post.
I have the following context:
On an opnsense box, I have configured two openvpn "instances" (using the "new configuration way"): VPN_A and VPN_B.
Remote users can connect to these VPN instances and get an IP address on the corresponding vpn tunnel networks.
On the opnsense box, three gateways are configured: ISP_GW (to the ISP router), VLAN_A_GW and VLAN_B_GW (both to another router on the network which is connected to the opnsense box through a trunk port which "carries" two vlans: VLAN_A for VPN_A and VLAN_B for VPN_B).
As expected, users connected to VPN_A can ping the VLAN_A_GW, and users connected to VPN_B can ping VLAN_B_GW (and not the other way around).
In both VPN instance configuration, a DNS server is set. For both instances it is the same DNS server
In both VPN instance configuration, the "local network" field contains a set of networks among others the network of the DNS server, and the network where services which need to be reached are located. Except for the DNS server network all other networks are different.
The dns server and services are only reachable through VLAN_A_GW for VPN_A or VLAN_B_GW for VPN_B (rules are set on router side to allow inter-vlan connections)
Firewall rules are set on the opnsense box for the "OpenVPN" interface allowing traffic from tunnel network of VPN_A and VPN_B to access the network of the DNS server and the network of services which need to be accessible by remote users depending on the VPN instance they are connected to.
The problem I'm facing is the following:
If vpn users try to reach the DNS server, they can't reach it
The same applies, if vpn users try to reach any other server only reachable via VLAN_A_GW or VLAN_B_GW
I see nothing in the opnsense logs, and see no traffic on the trunk port
My questions:
Is it possible to set VLAN_A_GW as default route for all traffic coming from VPN_A and set VLAN_B_GW as default route for all traffic coming from VPN_B ?
If yes how can I achieve this ?
My answers:
Yes
In firewall rules for "OpenVPN" interface, do not forget to specify the destination gateway for each rule !
«
Last Edit: September 18, 2023, 03:16:15 pm by shade_ch
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
How to set different routes based on vpn instance traffic is coming from ?