Single Interface OpenVPN -> Cloud, route Internet issue
-
Hello,
I am working on a diagram, but honestly I'm struggling to depict it in draw.io; open to suggestions if it will help.
I have a cloud pfSense server, connected to a home pfSense server via site-to-site OpenVPN. My home pfSense server is a single-interface server (just a single internal LAN IP) pointed to a 4G LTE gateway.
I have 3 use cases I am trying to solve, and currently 2/3 are solved.
- Host a web server with a NAT on the cloud that directs back to a home IP - Success
- Remote Access VPN that allows me to access home computers - Success
- Send email out via the cloud IP on the OpenVPN site-to-site tunnel - Fail
I have defined the OpenVPN interface as the "WAN" for my home single-physical-interface pfSense instance. Everything but this last little issue is working. I would think at least directing all traffic out the OpenVPN tunnel would be easy, but I can't even direct all traffic, let alone just SMTP.
Altering the outbound firewall rules on the LAN, replacing the "default" gateway with "WAN_DHCP", catches all Internet traffic (the firewall logs show an allow), but I don't see the traffic in the cloud pfSense firewall logs... the traffic doesn't make it to the Internet.
So I suspect I have a routing issue? Specific to a single physical interface?
I can provide screenshots or additional information as well.
-
@sjgieson said in Single Interface OpenVPN -> Cloud, route Internet issue:
Send email out via the cloud IP on the OpenVPN site-to-site tunnel - Fail
Which emails? From all devices or from one only?
I assume the LTE router is the default gateway in your home network. Also I guess it is not capable of managing multiple subnets. Right?
Basically you have to route SMTP traffic to the pfSense box to direct it to the cloud. You can do this with a static route on each device you want to send email from, but you can also make pfSense your default gateway with a gimmick.
-
@viragomann So yes, 1 device would be preferred. However, to make this even simpler: how do I send all Internet traffic out the VPN gateway (forget SMTP)? Right now I am able to NAT ports from the cloud pfSense to the machines on my internal network, which to be honest I thought would be the hardest part here. I figured sending traffic out the VPN gateway should be straightforward. Here is a rough diagram I did; not sure if it will help explain it.
-
Never mind, I figured out routing all Internet traffic at least. The solution is to make sure the gateway on your default "allow LAN to any" rule is your virtual WAN. In my case it was called "DHCP_WAN", so now I can send all traffic out.
I tried this earlier, but I had a custom config line on the client side of OpenVPN that I was told to add to force all traffic out the VPN. This custom config was tripping up my LAN rules/routes. So don't do that.
I appear to be back in business now.
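The two states of the LAN rule discussed in this thread, written out as the pf rules that pfSense generates from the "Gateway" field of a firewall rule, plus what the cloud side needs for the traffic to actually reach the Internet. This is an added example, not any poster's configuration: pfSense writes these rules itself (they can be inspected in /tmp/rules.debug or with `pfctl -sr` on the firewall), so the block explains the behaviour rather than being something to paste into pf.conf. Interface names (em0, ovpnc1, ovpns1, vtnet0), the 192.168.1.0/24 LAN, the 10.8.0.1 tunnel address and the SMTP port set are assumptions for illustration.

```pf
# ---- Home pfSense (single physical interface em0 = LAN) ----
# Assumed: 192.168.1.0/24 = home LAN, ovpnc1 = site-to-site OpenVPN
# client interface, 10.8.0.1 = cloud pfSense address inside the tunnel.

# Before: LAN allow rule with gateway "default". pfSense emits a plain
# pass rule, so the kernel routing table picks the next hop, which on
# this box is the 4G LTE gateway. The rule logs an allow, but nothing
# enters the tunnel, which matches the symptom in the thread.
pass in log quick on em0 inet from 192.168.1.0/24 to any keep state

# After: the same rule with the OpenVPN gateway selected. pfSense emits
# route-to, which overrides the routing table for matching packets and
# pushes them into the tunnel toward the cloud box.
pass in log quick on em0 route-to (ovpnc1 10.8.0.1) inet from 192.168.1.0/24 to any keep state

# Caveat: route-to applies to everything the rule matches, so traffic to
# other local or VPN-reachable networks must be passed by a rule without
# route-to placed ABOVE it, e.g. the tunnel network itself:
pass in quick on em0 inet from 192.168.1.0/24 to 10.8.0.0/24 keep state

# The original goal (SMTP only): a narrower route-to rule above the
# default-gateway rule. Ports 25/465/587 are an assumption.
pass in log quick on em0 route-to (ovpnc1 10.8.0.1) inet proto tcp from 192.168.1.0/24 to any port { 25, 465, 587 } keep state

# ---- Cloud pfSense ----
# Assumed: vtnet0 = cloud WAN, ovpns1 = OpenVPN server interface.
# Translation rules precede filter rules in pf.conf.

# Outbound NAT for the home LAN on the cloud WAN. Without this, packets
# leave with a private source address and replies never come back.
nat on vtnet0 inet from 192.168.1.0/24 to any -> (vtnet0)

# Allow the home LAN in from the tunnel. The cloud box also needs a route
# back to 192.168.1.0/24 via ovpns1 (the OpenVPN server's remote network
# setting), or replies from the Internet are dropped here.
pass in quick on ovpns1 inet from 192.168.1.0/24 to any keep state
```

Two checks worth running when a policy-routed rule logs an allow but the far side sees nothing: confirm the route-to actually appears in the loaded rule set on the home box (`pfctl -sr | grep route-to`), and confirm the cloud box has both the outbound NAT entry and a kernel route for the home LAN through the tunnel (`netstat -rn`). A client-side OpenVPN option that rewrites the default route, as the last post describes, competes with the route-to rule for the same traffic and is unnecessary once the rule carries the gateway.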