HOWTO - Routing Traffic over Private VPN

[mimugmail]

Screenshots of Gateways, Gateway group, Firewall Rule and outbound Nat

[PaoPao]

Here are the pictures of my configuration.
However I am not sure that it works as 100%.

I just noticed that the floating rule doesn't work (:

Are there any other errors in the configuration?
(Except copy errors in the filter descriptions)

Gateway (Single)


Gateway (Group)


Outbound


Floating rules


LAN rules


I also use Pi-Hole (Raspi) with Outbound DNS over TLS.

[tibere86]

Here are the pictures of my configuration.
However I am not sure that it works as 100%.

What is in your "N_LOCALNETS" Alias? Mind sharing a screenshot?

[PaoPao]

Hi,

here the screenshot:


If you want the floating rule to work check this option:
Uncheck [ ] Skip rules when gateway is down

[rdofl]

Edited - I've posted my question in a new thread.

[HA4g3n]

 Hello,

Im been reading several posts about OPNsense and OpenVPN.
Im getting local DHCP clients getting routed throuh the VPN and its working.

But, i need to PortForward traffic over external VPN to a machine inside the LAN that uses static mapping but i really cant make it work..

Ill posty my config:

VPN:
Infinitely resolve remote server - Ticked
Don't pull routes - Unticked
Don't add/remove routes - Ticked
UDP enabled

Systsem\Gateways\Single:
WAN_GWv4 (default)   WAN

Port Forward:
OpenVPN:
TCP/UDP
NAT reflection - Enabled
Filter rule association - Rule Nat

Firwall\Settings\Advanced:
Reflection for port forwards - Ticked
Reflection for 1:1 - Unticked
Automatic outbound NAT for Reflection - Ticked

Running OPNsense 18.7.10-amd64

OVPN over openVPN.
WAN 172.22.1.4 - Edgemax 172.22.1.4 - ISP
LAN 192.168.1.2
VPN    10.128.64.xx Puiblic 185.x.x.x

Any tip is welcome

[TaceN]

Hey,

thanks for a great guide. Works perfect connecting through VPN.

I just have a question that I can't really figure out.
Is it possible to setup this functionality like this.

I'm using a Unifi USG router with two WAN ports.
I'd like to connect the computer running OPNsense to my CPE (port 1, seperate IP) and use a usb network adapter which is connected to my USG WAN2.
I'll also connect my USG to the CPE (port 2, seperate IP). on WAN1.

My noob knowledge of this .. will it work routing through my usg. Tell devices to route through the OPNsense machine through my network of the USG. It can listen and see both WAN-ports.. so, my logic tells me it works. But what should I do in opnsense?

Wold be wonderful to get a hint of how.

Thanks
 
 / T

[netizen]

Hello all!

I have a slightly different requirement in mind. I am not into torrents however routing via VPN is probably what is needed to do the following:

- Assume a server I have root access to, sitting in a DC
- Assume a small subnet assigned to that server from the DC
- Assume a high-speed DSL connection at home
- What I want to do is use those IPs (say in web or email server) with the latter sitting at my home network. Not in the server at the DC.

Can this be done?
Excuse my ignorance. I am fairly knowledgeable in configuring devices like PfSense but only for LAN devices that directly connected to the LAN of the firewall. What about this remote setup?

Any help is much appreciated!
 

[TaceN]

Hey all,

I'm about to lose it soon throwing my firewall out the building.
I've done everything the guide says. The vpn connection works fine but I can not get any internet out or through the vpn.

Can someone please have a look at the screenshots and tell my if something is wrong?

Version: 19.1

Thanks

[DanMc85]

Hey all,

I'm about to lose it soon throwing my firewall out the building.
I've done everything the guide says. The vpn connection works fine but I can not get any internet out or through the vpn.

Can someone please have a look at the screenshots and tell my if something is wrong?

Version: 19.1

Thanks

I opened up a bug report for this... I am having similar issues as you since going from 18.7.10 to 19.1.x

https://github.com/opnsense/core/issues/3381

[Northguy]

Hey all,

I'm about to lose it soon throwing my firewall out the building.
I've done everything the guide says. The vpn connection works fine but I can not get any internet out or through the vpn.

Can someone please have a look at the screenshots and tell my if something is wrong?

Version: 19.1

Thanks

Looks valid to me. Struggling with the same issue. VPN server is working fine (Remote login), VPN client (tunnel for internet) is a PITA. Following this thread for solutions.

[eptesicus]

Hey, all... I got some help on the subreddit, but I'm having a weird issue... I got VPN working for one of my VLANs only (VLAN10_DL in my case, which is what I want for right now), and web traffic on every other VLAN and the LAN is working fine. However, there's issues with ping.

On my VLAN10_DL network that's routing over VPN. Traffic is fine with the exception of ping/ICMP. I cannot ping outside to anything on the WAN via IP or domain name (pinging 8.8.8.8 fails, and pinging google.com fails). Also from the LAN, I can ping 10.0.70.41 in my VLAN10_DL network, but I can't ping 10.0.70.101 that's in that same network. pinging something on the LAN from 10.0.70.101 is successful however.

On my LAN and other subnets that aren't routing over VPN (just over the WAN), pinging IP resolves, but not domain name (pinging 8.8.8.8 is successful, but pinging google.com fails).

See much of the config below...





















What am I doing wrong? What could be cleaned up to make this simpler but still achieve what I'm wanting?

[Northguy]

I somebody can borrow me an account I can try to make an official guide, but I'm not willing to pay something for what I'm not using.

Does this offer still stand @mimugmail? If so, we can arrange something through PM.

[mimugmail]

Sure, next week is good

[Northguy]

Sure, next week is good

Sent a response to your Gmail account. Let's pick up from there