"Force all client generated traffic through the tunnel" IPv4+IPv6, single client
-
Hello.
I'm trying to force all client generated IPv4 and IPv6 traffic through the OpenVPN tunnel, so through pfSense.
The option "Force all client generated traffic through the tunnel" enables this for all clients, yet I only want this to be enabled for specific clients.
I've tried to edit the client configuration and add the following lines there:
redirect-gateway def1
route-ipv6 2000::/3
I assumed that this should add the necessary routes on the client, to forcefully redirect ALL traffic through the VPN.
Both the server and the client have IPv4 and IPv6 addresses.
With the setup previously mentioned, IPv6 was NOT redirected through the tunnel and IPv4 appeared to be redirected but connections were not successful.
Do I have to alter routing tables on my pfSense as well?
What exactly does the "Force all client generated traffic through the tunnel" option configure on pfSense to make this work?
Help is greatly appreciated.
-
I've tried various approaches of OpenVPN guides, yet none appears to be working in this situation.
Assumingly because I lack some routing rules on the pfSense box, but I'm not sure what the "Force all client generated traffic through the tunnel" option effectively changes on the server.
-
> I've tried various approaches of OpenVPN guides, yet none appears to be working in this situation.
> Assumingly because I lack some routing rules on the pfSense box, but I'm not sure what the "Force all client generated traffic through the tunnel" option effectively changes on the server.
As far as I know, "Force all client generated traffic through the tunnel" changes nothing on the pfSense side; it only pushes the default gateway directive to the clients.
-
> As far as I know, "Force all client generated traffic through the tunnel" changes nothing on the pfSense side; it only pushes the default gateway directive to the clients.
Interesting! Thank you very much for that hint.
I guess I will have to set up some virtual machines and reproduce my setup to see what would change for me if I enable the option. I can not do this with my current physical setup.
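An added example, not part of the thread: a Python check of whether an OpenVPN client config, or the push lines of a per-client override, routes all IPv4 and the 2000::/3 IPv6 range into the tunnel. The function names and sample configs are constructed here, and the `ipv6` flag of `redirect-gateway` is treated as a plain ::/0 route for simplicity.

```python
import ipaddress
import shlex

ALL_V4 = ipaddress.ip_network("0.0.0.0/0")
GLOBAL_V6 = ipaddress.ip_network("2000::/3")  # prefix used in the original post

def directives(text):
    """Yield (name, args) per config line; unwraps server-side push "..." lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        words = shlex.split(line)
        if words[0] == "push" and len(words) == 2:
            words = words[1].split()
        yield words[0], words[1:]

def covers(routes, target):
    """True if the union of same-family routes contains every address in target."""
    same = [r for r in routes if r.version == target.version]
    return any(target.subnet_of(n) for n in ipaddress.collapse_addresses(same))

def audit(text):
    """Report which address families the config sends entirely into the tunnel."""
    routes = []
    for name, args in directives(text):
        try:
            if name == "redirect-gateway":
                if "!ipv4" not in args:
                    routes.append(ALL_V4)  # def1 or plain: all IPv4
                if "ipv6" in args:
                    routes.append(ipaddress.ip_network("::/0"))  # simplification
            elif name == "route-ipv6" and args:
                routes.append(ipaddress.ip_network(args[0], strict=False))
            elif name == "route" and args:
                mask = args[1] if len(args) > 1 else "255.255.255.255"
                routes.append(ipaddress.ip_network(f"{args[0]}/{mask}", strict=False))
        except ValueError:
            continue  # hostnames and keywords such as vpn_gateway are skipped
    return {"ipv4": covers(routes, ALL_V4), "ipv6": covers(routes, GLOBAL_V6)}

# Constructed sample inputs
POSTED = "redirect-gateway def1\nroute-ipv6 2000::/3\n"
V4_ONLY = 'push "redirect-gateway def1"\n'

if __name__ == "__main__":
    print(audit(POSTED))
    print(audit(V4_ONLY))
```

The check covers only the routes the configuration requests; whether the server then forwards or NATs that traffic is a separate matter.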