Route one IP over VPN?

Started by conanTheRouter, June 25, 2018, 12:02:22 AM

November 07, 2018, 10:25:16 PM #15 Last Edit: November 08, 2018, 12:19:20 AM by dcol
Using OPN v18.7.6 with IPVanish. Just applied this and it seems to work great except my upload speeds (0.20 Mbps) are horrible. Strange because downloads are fine (+200 Mbps).
Tried different servers. Upload speeds are OK (30 Mbps) when using the IPVanish apps, just not when using OpenVPN.
Any suggestion on something to try?

Here are my Advanced Configs
persist-key
persist-tun
persist-remote-ip
verify-x509-name phx-a19.ipvanish.com
comp-lzo
verb 3
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA

[UPDATE] Issue was with the ISP. Upload speeds fine now

Hey,

Versions OPNsense 18.7.10_3-amd64
FreeBSD 11.1-RELEASE-p18
OpenSSL 1.0.2q 20 Nov 2018

I've done these settings on the other guide earlier. Since it didn't work I found this one.
I'm able to connect to the VPN and so on. But when connected I don't get any internet. When not connected through the VPN I do get internet. It has to do with the rules, I guess. But they are identical to yours, so I can't see the problem.

What can I show you to get this to work?

Thanks!

Hey guys,

I'm on my way to lose it soon on this one...
I've got (what I think) everything in the guide to make this work.

The OpenVPN settings work without any problem.
It connects and the VPN virtual device gets an IP and so on.
I don't get any internet out from it. Not externally or over the VPN.

Anyone..?
Have a look at my attachments to see if I've forgotten something.

Version: 19.1

best regards,
T

Are the hosts in the alias also in the 10.0.1.0/24 range? If so, try moving the VPNtraffic rules in outbound NAT before the 10.0.1.0/24 entries.

@MrB
Here's a screenshot of the aliases.

This guide was of big help to me, thanks.

One point though:

Step 10, the "floating" rule:

When I put it in like this, all WAN access was blocked. The VPN couldn't reach its server any more. Then I started to "think" on my own (which can be dangerous, I admit ;-)) and figured that I need to set the source to the Alias of the VPN clients. Then it all worked flawlessly.

Thanks for the big hand!


Although this is an old thread, I'm trying my luck. Using OPNsense 20.1.7 with PIA VPN.

I've tried to set it up using the old guide, which would only work for the VPN, and if an IP is outside of the alias then it gets no internet.

On this one, no traffic is routing over the VPN.

I'd appreciate it if anyone can provide some clues or offer support. Thanks

June 17, 2020, 10:29:54 PM #22 Last Edit: June 17, 2020, 10:39:45 PM by graf
I made an account to see if this helps anybody.

Set the first rule up normally. Basically this is the rule that you would already normally have in any VPN setup guide but you're simply adding that PIA_NO_WAN_EGRESS tagging to it. All traffic coming from whatever source you picked should now properly be tagged with that rule.

Now the important difference that I found, in floating rules do:

Block
Check apply action immediately on match
interface WAN
Direction Out
Address family IPv4
Protocol Any
Source Any
Destination Any
Description (whatever you want) or VPN Killswitch
Tagged (or match tag whatever) PIA_NO_WAN_EGRESS so that this will kill all traffic that is tagged from what you did in rule 1 that is destined for your normal WAN

Gateway WAN_DHCP (or whatever your normal, non-VPN gateway is) - this is also important

So if you think about it your normal WAN should not see any of this VPN traffic until your VPN goes down because normally it's technically going out from a "different WAN" (the vpn gateway), then it tries to route out the default gateway once the VPN gateway goes down. This stops all that traffic.
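To make the tag-based kill switch above concrete, here is an added illustration (written for this thread, not OPNsense-generated output and not graf's or the guide's own rules) of the pf rules that the two GUI rules correspond to. Interface names (em0 = WAN, em1 = LAN, ovpnc1 = OpenVPN client), the VPN-side gateway 10.8.0.1, the alias members and the tag name are placeholders, and the exact ruleset OPNsense writes for these settings will differ in detail (it also emits the gateway bookkeeping graf mentions, which is not reproduced here).

```pf
# Assumed interface and address names (placeholders, not from the thread)
wan_if = "em0"
lan_if = "em1"
vpn_if = "ovpnc1"
vpn_gw = "10.8.0.1"

# The VPNTraffic alias from the guide, with constructed sample members
table <VPNTraffic> { 192.168.1.10, 192.168.1.11 }

# Rule 1 (LAN tab): policy-route the alias hosts via the VPN gateway and
# stamp the state with a tag; the tag travels with the packet to the
# interface it finally leaves on.
pass in quick on $lan_if inet from <VPNTraffic> to any \
    route-to ($vpn_if $vpn_gw) tag PIA_NO_WAN_EGRESS keep state

# Rule 2 (floating, direction out, "apply action immediately" = quick):
# drop anything still carrying the tag that is about to leave on the WAN.
# While the tunnel is up, tagged packets leave on $vpn_if and never reach
# this rule; when the tunnel drops and the default route takes over, they do.
block out quick on $wan_if inet tagged PIA_NO_WAN_EGRESS

# Matching on the tag (or, as an earlier reply did, on the alias as source)
# is what keeps the firewall's own OpenVPN session to the VPN server alive:
# those packets are untagged and originate from the firewall, so a bare
# "block out on WAN" with source any would cut the tunnel off too.

# All other LAN hosts keep using the normal default route.
pass in on $lan_if inet from $lan_if:network to any keep state
```

The useful check after applying the GUI version of this is to bring the OpenVPN client down (Interfaces or the VPN status page) and confirm from an alias host that outbound connections fail rather than silently falling back to the WAN, while a non-alias host still has internet.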

Thanks for the guide. It was very helpful.

I would just add the information that any alias edits (adding or removing IPs) won't take effect until a firewall restart.
Actually, I disabled and then enabled again all related rules and applied changes afterwards, so I'm not 100% sure if just a restart would work.

Successfully used this idea (aliases) for ZeroTier configuration.
I think it would be much more difficult to set up rules switching between two Zerotier networks, OpenVPN and WAN.

Hi, sorry to resume such an old post like this, but I followed this guide to set up a PIA VPN on my OPNsense. It is working outgoing from a selected IP of my LAN, but I cannot figure out how to correctly enable a port forward on this VPN.
I tried to make this port forward like in the attached image, which generated the correct allow firewall rule in the second attachment, but it is still not working.
Can anyone help me with this?

Thanks

I don't know what I must put for the IP in Aliases?

Step 7:
Navigate to Firewall > Aliases > View
- Add a new Alias
- Name: VPNTraffic
- Description : VPNTraffic
- Type: Host(s)
- First entry: 192.168.X.X