2 LAN; 1 on VPN, 1 not

Started by borgobio, March 12, 2024, 12:47:56 AM

March 12, 2024, 12:47:56 AM Last Edit: March 12, 2024, 03:26:32 PM by borgobio
Hi, I'm trying to set up OPNsense so that 1 LAN (192.168.0.0/24) goes on WAN with the public IP assigned by my ISP and another LAN with a different subnet (192.168.3.0/24) uses a VPN (ProtonVPN) already configured on OPNsense.

Unfortunately, I'm unable to make it work: I can get VPN on both or ISP's IP on both...

I created 2 manual outbound rules for WAN (PPPoE with my ISP) and VPNWAN (virtual interface associated with OpenVPN), but it seems that this way I only have internet access on 192.168.3.0/24 with VPN but not on 192.168.0.0/24 (well, pings go through and Telegram works, but if I try to load any non-cached page, it times out).
https://imgur.com/a/w521HUE

I suspect it has something to do with the automatically created rule but I'm stuck here...

(I know the VPNWAN rule is disabled, ofc it was enabled when debugging)

Your pic shows NAT outbound rules; you also need pass rules on each interface:
On LAN interface, create a pass rule with destination: !(not) This firewall, gateway: WAN.
Create the same rule on LAN2 interface, except with gateway: VPNWAN.
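As an added illustration (not from this thread or from OPNsense's own generated ruleset), here is a pf-style rendering of the outbound NAT plus per-LAN pass-with-gateway rules described above. Interface names, gateway addresses and the forwarded host 192.168.0.10 are placeholders; the subnets and the forwarded port are the ones from the thread.

```pf
# Illustrative pf ruleset approximating what OPNsense builds from the GUI
# settings in this thread. Interface names and gateway IPs are assumed
# placeholders, not the poster's real configuration.
wan_if  = "pppoe0"        # WAN (PPPoE to the ISP)
vpn_if  = "ovpnc1"        # VPNWAN (OpenVPN client to ProtonVPN)
lan_if  = "igb1"          # LAN,  192.168.0.0/24
lan2_if = "igb2"          # LAN2, 192.168.3.0/24
wan_gw  = "198.51.100.1"  # placeholder ISP gateway
vpn_gw  = "10.8.0.1"      # placeholder tunnel gateway

# Firewall > NAT > Outbound (manual mode): each LAN is masqueraded only on
# the egress interface it is supposed to use.
nat on $wan_if inet from 192.168.0.0/24 to any -> ($wan_if)
nat on $vpn_if inet from 192.168.3.0/24 to any -> ($vpn_if)

# Firewall > Rules > LAN and LAN2: a pass rule with a gateway set becomes a
# route-to rule, which is what actually steers each subnet to its egress.
# Destination "! (self)" leaves traffic addressed to the firewall itself
# (DNS resolver, web GUI) on the local path instead of forcing it out the
# gateway, which is why the answer says "not This firewall".
pass in quick on $lan_if  route-to ($wan_if $wan_gw) inet \
    from 192.168.0.0/24 to ! (self) keep state
pass in quick on $lan2_if route-to ($vpn_if $vpn_gw) inet \
    from 192.168.3.0/24 to ! (self) keep state

# Practitioner's check: a port forward on the WAN address has to answer on
# WAN even while the tunnel holds the system default route. reply-to pins
# the return path of states created by the WAN rule to $wan_if; OPNsense
# adds it automatically on WAN-type interface rules unless "Disable
# reply-to" is set on the rule or globally under Firewall > Settings.
rdr on $wan_if inet proto tcp from any to ($wan_if) port 61881 \
    -> 192.168.0.10 port 61881
pass in quick on $wan_if reply-to ($wan_if $wan_gw) inet proto tcp \
    from any to 192.168.0.10 port 61881 keep state
```

On a live box the rules OPNsense actually loaded can be compared against this with `pfctl -sr` and `pfctl -sn`.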

March 12, 2024, 03:12:54 PM #2 Last Edit: March 12, 2024, 07:30:36 PM by borgobio
Quote from: zan on March 12, 2024, 11:28:06 AM
Your pic shows NAT outbound rules, you also need pass rules on each interface:
On LAN interface, create a pass rule with destination: !(not) This firewall, gateway: WAN.
Create the same rule on LAN2 interface, except with gateway: VPNWAN.
Indeed, that was it, although now when I connect to VPN, any port forwarding on my ISP's IP is blocked.

VPN OFF => 95.231.234.179:61881 => open
VPN ON  => 95.231.234.179:61881 => closed

95.231.234.179 is my ISP's IP.

It seems that stuff can get in but can't get out...
https://imgur.com/a/xxsbgxe