How to route everything from lan going over VPN.

[novel]

I am sorry... it is step 10...

Now corrected this in original post...

So , I have to delete floatinf rules , right?

[tiermutter]

Yes... we do not need this in your case (routing everything* over VPN)

*SenseWAN traffic itself will not be routed over VPN... if you really need this, we will have a look later.

[novel]

Yes... we do not need this in your case (routing everything* over VPN)

*SenseWAN traffic itself will not be routed over VPN... if you really need this, we will have a look later.

It doesn't work. I fix the nat outband but I have no internet connection at all.

[novel]

Source address
   

Select the Alias for the hosts/networks that are intended to use the tunnel (eg WG_VPN_Hosts )

This choice what I have to put?

[tiermutter]

Nothing / any.

We do not want some clients (in an alias) to be routed over VPN, we want all (any).

[novel]

Nothing / any.

We do not want some clients (in an alias) to be routed over VPN, we want all (any).

I have any. I don't have internet at all :(

[tiermutter]

Sorry... put LAN net there!

[novel]

Sorry... put LAN net there!

The same I have no internet. I change from any to lan net

[tiermutter]

More details are welcome ;)

PLease try a ping from a LAN client / PC to 8.8.8.8 and do the same for google.com
I assume there is (still) just a DNS problem issueing "no internet"...

[novel]

More details are welcome ;)

PLease try a ping from a LAN client / PC to 8.8.8.8 and do the same for google.com
I assume there is (still) just a DNS problem issueing "no internet"...

I can ping 8.8.8.8 with success , I cannot ping with ping google.com

ping: google.com: Name or service not known

[tiermutter]

Fine so far... I don't know how to deal with this DNS issue at the moment, but we will see later...

Now just re-check step 3 and do those tests + screenshots...

Step 3 is to achieve that LAN clients will use VPN only.
3a) Go to Firewall: Rules: LAN and find the v4 default allow rule. Edit it and set the VPN as gateway.
3b) At Firewall: Rules: LAN find the v6 default allow rule. Disable it to make sure no traffic will go over WAN via v6 overriding your VPN. This is only suitable if IPv6 is activated for LAN/WAN.
3c) Post a screenshot of System: Routes: Status
3d) Traceroute 8.8.8.8 from LAN client (eg PC, not from sense!), post the output.
3e) Traceroute google.com from LAN client (eg PC, not from sense!), post the output.

[tiermutter]

PLease also tell what's the OS on your LAN client to test from... Win, Linux, BSD, ...?

[novel]

Fine so far... I don't know how to deal with this DNS issue at the moment, but we will see later...

Now just re-check step 3 and do those tests + screenshots...

Step 3 is to achieve that LAN clients will use VPN only.
3a) Go to Firewall: Rules: LAN and find the v4 default allow rule. Edit it and set the VPN as gateway.
3b) At Firewall: Rules: LAN find the v6 default allow rule. Disable it to make sure no traffic will go over WAN via v6 overriding your VPN. This is only suitable if IPv6 is activated for LAN/WAN.
3c) Post a screenshot of System: Routes: Status
3d) Traceroute 8.8.8.8 from LAN client (eg PC, not from sense!), post the output.
3e) Traceroute google.com from LAN client (eg PC, not from sense!), post the output.

Tiermutter route status is the same....First is wan from ISP not from vpn. I use dns over tls port 853 but I disabled.. I don't have internet.....
IPV6 is disabled ...When I installed opnsense I never enabled...

the ping is very slow respond....ping from 8.8.8.8 looks ok. show the correct gateway then public ip from vpn then the public ip from my ISP....

[tiermutter]

hm, ok... please post a screenshot of your LAN FW rules

[novel]

I know this is hardship for you. I am newbie with opnsense. I have a couple days installed.

I am sorry about that.