On one LAN



  • Hi,

    At the moment OpenVPN when running is active on all LANs.
    How can I make it so that OpenVPN only works on specified LANs and the other LANs access the internet
    as normal?

    Thanks



  • Can anyone please help me with this?
    I'm concerned about locking myself out of the box if I mess up.

    Here is how I have it at the moment…

    LAN 1 ---> PC1
    LAN 2 ---> OPENVPN (PC2)
    LAN 3 ---> PC3
    LAN 4 ---> AP WIFI

    So as it currently stands with how I have OpenVPN configured is like this...

    Certificates:
    Peer Certificate Authority
    Client Certificate

    OpenVPN:
    Interface: WAN

    Interface:
    name: openvpn
    type: none (default)
    (rest as default)

    Firewall rules:
    LAN 2
    pass
    interface: lan2
    protocol: any
    type: lan 2 subnet
    destination: any  <---- is it this part that plays an important part?

    The firewall rules above I have set for all 4 LAN ports with the exception of gateway (as below) which is only set on LAN 2.

    gateway: openvpn

    But as it stands, when I have OpenVPN enabled, all LANs have VPN access. How can I force VPN on one of the LANs?

    thanks


  • Netgate Administrator

    Check what the system default gateway is. It's in System: Routing:
    It looks like it's possibly using the OpenVPN gateway as the default rather than the WAN gateway.

    Steve



  • @stephenw10:

    Check what the system default gateway is. It's in System: Routing:
    It looks like it's possibly using the OpenVPN gateway as the default rather than the WAN gateway.

    Steve

    Hi Steve,

    System ---> Routing ---> Gateways = WAN (default).
    Details within are...
    Interface: WAN
    Name: WAN
    Gateway: Dynamic
    Default Gateway = ticked



  • I got it sorted. And I think this is the right way.
    Although I never tried this because I thought default was exactly that.

    So…
    Even though System ---> Routing ---> Gateways = WAN shows as default.
    If I did not specifically select the gateway in the firewall rule under gateway.
    Despite the fact it's set by default to DEFAULT which because of that you'd think it would use
    WAN since that's default right?
    Well to stop all adapters from using OpenVPN I had to actually specify WAN in the firewall rule under
    gateway.


  • Netgate Administrator

    Ah, good to hear. I suspect that the OpenVPN connection is stealing the default gateway when it is brought up. There is an option to allow the default gateway to change but I can't remember where it is offhand.  ::) I think it's disabled by default anyway.

    More likely is that the VPN adds a default route when it comes up. I think that is a changeable setting also. VPNs are not a strong point of mine to be honest.  :)

    Steve
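
A check for the behaviour discussed in the last reply, added here as an example and not part of the thread: OpenVPN's `redirect-gateway def1` option installs 0.0.0.0/1 and 128.0.0.0/1 routes that override the default route without replacing it, so the script looks for those as well as `default` in `netstat -rn -f inet` output. The function names, the interface names (`em0`, `ovpnc1`) and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names em0/ovpnc1 and the
# sample routing tables below are constructed.

# Reads `netstat -rn -f inet` output on stdin and prints "<destination> <netif>"
# for each catch-all route. The Netif column is located from the header row,
# so layouts with and without the Refs/Use columns are both handled.
catch_all_routes() {
    awk '
        $1 == "Destination" {
            for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
            next
        }
        col && ($1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") {
            print $1, $col
        }
    '
}

# Usage: check_catch_all <wan_if> < routing-table
# Prints the offending routes and returns 1 if any catch-all route leaves via
# an interface other than <wan_if>; returns 0 otherwise.
check_catch_all() {
    wan_if=$1
    bad=$(catch_all_routes | awk -v wan="$wan_if" '$2 != wan')
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Constructed sample: a VPN client (ovpnc1) has added the two /1 routes.
SAMPLE_HIJACKED='Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
0.0.0.0/1          10.8.0.1           UGS      ovpnc1
10.8.0.0/24        10.8.0.1           UGS      ovpnc1
128.0.0.0/1        10.8.0.1           UGS      ovpnc1
192.168.2.0/24     link#2             U           em1'

# Constructed sample: only the WAN default route is present.
SAMPLE_CLEAN='Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
192.168.2.0/24     link#2             U           em1'

# On the firewall itself: netstat -rn -f inet | check_catch_all em0
printf '%s\n' "$SAMPLE_HIJACKED" | check_catch_all em0 || echo "catch-all route not on WAN"
```

If the check reports routes on the VPN interface, LANs whose firewall rules leave the gateway unset follow those routes; a rule with an explicit gateway, as in the fix described above, does not.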

