I want to force the client to use its own internet gateway.
-
I want to force the client to use its own internet gateway. In my scenario, the client must definitely use its own internet. Some clients can send all traffic over VPN and the internet can be accessed through the VPN server's internet. I prevent this situation with security rules, but this time the internet cannot be accessed in any way. Even if routing is done to access the internet via VPN, my VPN server must not allow this and force it to use its own gateway. How do I do this?
-
@selcuk_ks
Your VPN server does not have much impact on the client's routing table.
You can push routes to the clients, though, but this is nothing more than a recommendation in the end. So on the server just block any unwanted traffic from the client.
Also you need an outbound NAT rule on WAN for the tunnel pool to masquerade the traffic with your WAN address. Without this, no internet access would be possible for the VPN clients.
If pfSense has created the outbound NAT rule automatically, you can switch to hybrid mode and add a rule for the tunnel network and disable NAT inside it.
-
@viragomann Thanks. I will try this when I have free time.
-
@selcuk_ks Do you mean force general internet traffic out the client's local gateway, and only allow VPN for services you host?
If so, this is standard split tunnel, so un-select the "Force all traffic through tunnel" option
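As an added illustration of the two answers above (split tunnel on the OpenVPN side, plus a "Do not NAT" outbound rule and a block rule on the server side), here is what the equivalent plain OpenVPN and pf configuration looks like. This is example configuration written for this thread, not text from the posts or pfSense's own generated config; the tunnel pool 10.8.0.0/24, the hosted LAN 192.168.1.0/24 and the interface names ovpns1 and em0 are assumed values.

```text
# --- OpenVPN server side (split tunnel): push only the networks you host.
# Leave out push "redirect-gateway def1"; that directive is what pfSense's
# "Force all client generated traffic through the tunnel" option adds.
server 10.8.0.0 255.255.255.0              # assumed tunnel pool
push "route 192.168.1.0 255.255.255.0"     # assumed hosted LAN: the only route the client gets
# (no push "redirect-gateway def1")

# --- pf on the server: even if a client adds its own default route into the
# tunnel, it can reach only the hosted LAN, never the internet via WAN.
# Assumed interface names; pfSense names OpenVPN server interfaces ovpnsN.
tun_net = "10.8.0.0/24"
lan_net = "192.168.1.0/24"
ovpn_if = "ovpns1"
wan_if  = "em0"

# Weak setting: automatic outbound NAT masquerades the tunnel pool on WAN,
# which is exactly what lets VPN clients browse through the server's internet.
# nat on $wan_if from $tun_net to any -> ($wan_if)

# Corrected: hybrid outbound NAT with a "Do not NAT" entry for the tunnel pool.
no nat on $wan_if from $tun_net to any

# Filter: allow clients to the hosted LAN only; reject everything else that
# arrives from the tunnel. "quick" makes the first matching rule final, so the
# pass rule must precede the block rule.
pass in quick on $ovpn_if from $tun_net to $lan_net
block return in quick on $ovpn_if from $tun_net to any
```

With `no nat` in place, any client that still routes internet traffic into the tunnel would leave the WAN with an unroutable 10.8.0.x source address, and the `block return` rule rejects it before that happens; `return` sends a TCP RST or ICMP unreachable so the client's connection fails immediately instead of hanging until it times out, which makes the misconfiguration obvious on the client side.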