@Gertjan said in How do I route outgoing email over WireGuard Tunnel?:

Of course I use have DANE available and set up :

I just noticed I had to recreate the TLSA records, something with Let's Encrypt must have changed. I hope I am good now for some time...

@urbaman75
So 10 port router, all have a separate subnet?
If so, what I said previous still stands.
Whatever vlan you use in the switch on any port that goes to a router port, that router port will use that vlan.
So Router Port 1 is connected to switchport 1 with it set to vlan 10. The network on router port 1 will use vlan 10 on any other switchport that is set to vlan 10. If you set switchports 1-6 to vlan 10, 2-6 are available to use for devices to connect to the subnet on router port 1. Same with router port 2 and 3 and 4 and ....

Whatever switchport you connect to a physical router interface determine the vlan it uses by the pvid of that switchport.
If you had a trunk port from router to switch, that's different.
You can set the switches management interface to whatever vlan you want. In your example, assign an IP for the switch in vlan 100 (or use dhcp) and it will use that vlan as management.

@joshopkins
Seems all the settings you did are correct, apart from the push-route commands in the default options. These do the same as the "local networks" setting does, which is the preferred way. You shouldn't have both settings.

Ensure that the access is allowed by rules on all incoming interfaces. Means on the OpenVPN interface at B and on the IPSec of A and C.

To see what's going on, sniff the traffic on the involved interfaces, while you try to access a remote IP from an OpenVPN client.

@werter OSPF - это уже лишнее в данной ситуации. Вопрос этот я решил через дополнительную фазу 2

@pfuzer pfsense with pfblockergng-dev and suricata

@johnpoz
I use IPSec to create a site-to-site tunnel should the wireless bridge go down. (Hilariously, this is no longer working, but that is a different problem for a different day).

I wanted to use the pfSense for the VPN clients but had too much problems setting it up with the win 10 clients. I only have two VPN clients so it is not really a problem at the moment.

But I will probably sit and redesign the whole network. Or I should just get some hardware routers. The win 10 hosts are giving me hell as well.