Routing SOME IPs or Subnets through OpenVPN
-
Unfortunately, the thread at…
https://forum.pfsense.org/index.php?topic=72902.msg397636#msg397636
...was locked by a moderator.
I followed this guide...
https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_OpenVPN-connection_in_PfSense_2.1
...except I made the following modifications:
- Don't add "redirect-gateway def1" to Site A.
- Delete the two Outbound NAT entries on Site A for Site A's Subnet you want to send through the VPN. Don't add a new Outbound NAT rule to Site A. Site B is taking care of NAT.
- Just change the gateway in the firewall rules tab on Site A for the subnet you want to route through the VPN.
- Add Site B's OpenVPN tunnel endpoint IP to Site A's DHCP server DNS option.
- Disable the gateway monitoring action for the VPN on Site A (when the OpenVPN daemon goes down on Site A, all internet traffic (going through the VPN and not) ceases otherwise).
These features will prevent any traffic going out Site A's WAN if the OpenVPN instance goes down.
-
Post your NAT table and LAN firewall rules. You probably have a setting wrong.