HOWTO - Routing Traffic over Private VPN

[mimugmail]

Screenshots of Gateways, Gateway group, Firewall Rule and outbound Nat

[PaoPao]

Here are the pictures of my configuration.
However I am not sure that it works as 100%.

I just noticed that the floating rule doesn't work (:

Are there any other errors in the configuration?
(Except copy errors in the filter descriptions)

Gateway (Single)


Gateway (Group)


Outbound


Floating rules


LAN rules


I also use Pi-Hole (Raspi) with Outbound DNS over TLS.

[tibere86]

Here are the pictures of my configuration.
However I am not sure that it works as 100%.

What is in your "N_LOCALNETS" Alias? Mind sharing a screenshot?

[PaoPao]

Hi,

here the screenshot:


If you want the floating rule to work check this option:
Uncheck [ ] Skip rules when gateway is down

[rdofl]

Edited - I've posted my question in a new thread.

[HA4g3n]

 Hello,

Im been reading several posts about OPNsense and OpenVPN.
Im getting local DHCP clients getting routed throuh the VPN and its working.

But, i need to PortForward traffic over external VPN to a machine inside the LAN that uses static mapping but i really cant make it work..

Ill posty my config:

VPN:
Infinitely resolve remote server - Ticked
Don't pull routes - Unticked
Don't add/remove routes - Ticked
UDP enabled

Systsem\Gateways\Single:
WAN_GWv4 (default)   WAN

Port Forward:
OpenVPN:
TCP/UDP
NAT reflection - Enabled
Filter rule association - Rule Nat

Firwall\Settings\Advanced:
Reflection for port forwards - Ticked
Reflection for 1:1 - Unticked
Automatic outbound NAT for Reflection - Ticked

Running OPNsense 18.7.10-amd64

OVPN over openVPN.
WAN 172.22.1.4 - Edgemax 172.22.1.4 - ISP
LAN 192.168.1.2
VPN    10.128.64.xx Puiblic 185.x.x.x

Any tip is welcome

[TaceN]

Hey,

thanks for a great guide. Works perfect connecting through VPN.

I just have a question that I can't really figure out.
Is it possible to setup this functionality like this.

I'm using a Unifi USG router with two WAN ports.
I'd like to connect the computer running OPNsense to my CPE (port 1, seperate IP) and use a usb network adapter which is connected to my USG WAN2.
I'll also connect my USG to the CPE (port 2, seperate IP). on WAN1.

My noob knowledge of this .. will it work routing through my usg. Tell devices to route through the OPNsense machine through my network of the USG. It can listen and see both WAN-ports.. so, my logic tells me it works. But what should I do in opnsense?

Wold be wonderful to get a hint of how.

Thanks
 
 / T

[netizen]

Hello all!

I have a slightly different requirement in mind. I am not into torrents however routing via VPN is probably what is needed to do the following:

- Assume a server I have root access to, sitting in a DC
- Assume a small subnet assigned to that server from the DC
- Assume a high-speed DSL connection at home
- What I want to do is use those IPs (say in web or email server) with the latter sitting at my home network. Not in the server at the DC.

Can this be done?
Excuse my ignorance. I am fairly knowledgeable in configuring devices like PfSense but only for LAN devices that directly connected to the LAN of the firewall. What about this remote setup?

Any help is much appreciated!
 

[TaceN]

Hey all,

I'm about to lose it soon throwing my firewall out the building.
I've done everything the guide says. The vpn connection works fine but I can not get any internet out or through the vpn.

Can someone please have a look at the screenshots and tell my if something is wrong?

Version: 19.1

Thanks