Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
separate VLAN for VPN
« previous
next »
Print
Pages: [
1
]
Author
Topic: separate VLAN for VPN (Read 2526 times)
cbb09
Newbie
Posts: 38
Karma: 2
separate VLAN for VPN
«
on:
September 12, 2018, 04:35:08 am »
Hello,
I have the following setup working quite well:
VLAN 10 traffic is using default gateway
VLAN 20 traffic is going over VPN gateway (OpenVPN client interface)
What doesn't appear to work is to have
one
VLAN20 traffic rule to ANY with VPN gateway. External traffic via the VPN interface works fine, but LAN traffic doesn't get through as soon as I use a non-default gateway.
So, right now I have two rules for VLAN 20:
1. from VLAN 20 to local subnets via default gateway
2. from VLAN 20 to ANY via VPN gateway
For all local traffic, the first rule applies and if not non-local traffic, rule 2 sends it out via the correct gateway.
Now, I don't understand why local traffic gets blocked if I just have a simple VLAN 20 to ANY rule with VPN gateway. Something must change if the gateway is not the default one.
Any thoughts?
Thanks!
Logged
mimugmail
Hero Member
Posts: 6404
Karma: 446
Re: separate VLAN for VPN
«
Reply #1 on:
September 12, 2018, 06:24:34 am »
As soon as a second gateway comes into play you have to check the firewall logs on all gateways since the traffic flows not only in one direction.
Logged
Twitter: mimu_muc
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
cbb09
Newbie
Posts: 38
Karma: 2
Re: separate VLAN for VPN
«
Reply #2 on:
September 13, 2018, 06:04:39 pm »
thanks - I will have a look at the logs...
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
separate VLAN for VPN
