Note: This post was originally posted on my personal blog. I have copied the content to this blog.
Here’s the scenario: You have a cell phone, a streaming device and a laptop and you want to send their traffic over a VPN without having to configure the devices themselves.
Why would you want to do this? Here are some reasons:
Why is this method superior? Because it doesn’t matter what kind of device you have, because it’s the router doing the tunneling, it works with any device with no extra configuration.
Is this possible? Yes, and I’ll show you how I did it with OPNsense.
This part is simple enough. Get a VPN. I set up a VPN myself on the internet, but most VPN providers you can sign up for should work. After you do that, check your IP by searching IP
on DuckDuckGo, or going to https://ifconfig.co.
Next, configure OPNsense to connect to the VPN. Usually (but not always), you’ll need to set up certificates in System -> Trust -> Authorities
and then install your client certificate in System -> Trust -> Certificates
.
After configuring certificates, set up the VPN under VPN -> OpenVPN -> Clients
.
After configuring your OpenVPN client according to the settings you got from your VPN provider, click save and then go to Connection Status
. There your VPN should show as connected. If not, go to Log File and read the logs to find out why.
Go to Firewall -> Aliases
and create a new alias. Give it a name, select Network(s)
and then enter in a network with a submask. Here you can enter subnets and IPs that you want to tunnel. I personally chose to have a section of my LAN subnet selected to be forwarded over the VPN; that way if I want a device to be forwarded all I need to do is give it a static IP in that range. If you want ALL traffic tunneled, give it your full subnet such as 192.168.1.0/24
.
Now go to Interfaces -> Assignments
and create a new interface for your VPN, and assign it to the OpenVPN client
You don’t need to give it any IP assignments.
Go to Firewall -> NAT -> Outbound
and add a new rule.
Select the OpenVPN interface and select your Alias under Source address
. Leave source port and destination address and port as any
and select Interface Address
under Translation / target
. Save the rule and apply it.
Home stretch! Now we go to Firewall -> Rules -> LAN
and add a new rule.
Select your alias as the Source, and set the destination as LAN Net
and check Destination / Invert
. This part is important! Give it a description and then select the Gateway
as OPENVPN_VPNV4
. This might be different depending on if you named your interface differently.
Click Save
then click Apply
in the top. Check your external IP again and you should see it’s changed.