Netgate Discussion Forum

    Is it possible to tunnel all traffic over OpenVPN [SOLVED]?

      AhnHEL

      No checkbox in 1.2.3

      Just add the following line in Custom Options.  If you have any other commands in Custom Options be sure to separate them with a semicolon.

      push "redirect-gateway def1"

      AhnHEL (Angel)

        nutt318

        I added that custom option and it doesn't work, I can still get to my internal network. Just nothing outside of that.

        Does Squid, or SquidGuard, make a difference?

          AhnHEL

          @nutt318:

          So I've followed the guides for OpenVPN and it works great, I can connect to any network and start openvpn and get back into my internal (home) network.

          I can still get to my internal network. Just nothing outside of that.

          I am a bit confused, looks like you contradicted yourself.  You stated you can connect to any network, then you stated you can only get to your internal network.

          Are you using the DNS option in your tunnel as well?  Below are my custom options, where the xxx.xxx.xxx.1 is, this is the IP address from the address pool in your OpenVPN Server settings.  If this doesn't help you, post a screenshot of your config files removing any identifying IP addresses.  Are you using Advanced Outbound NAT?

          push "redirect-gateway def1";push "dhcp-option DNS xxx.xxx.xxx.1";verb 1;mute-replay-warnings

          AhnHEL (Angel)

            nutt318

            I mean websites are unviewable, when I enable OpenVPN I can access my router and ping other computers, ex. 192.168.1.1 or .30.

            My address pool is 192.168.200.0/24, I do have a rule setup and can ping the 192.168.1.1 network so it seems to be ok.

            I've tried your custom options but it didn't work, what is 'def1' and 'verb 1'?

              AhnHEL

              Verb 1 is just the logging level, def1 is the default gateway.  Please post screenshots of your server and client config files, but it sounds like you're not using Advanced Outbound NAT.

              AhnHEL (Angel)

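Added example (not part of the thread, and not OpenVPN's own code): what `redirect-gateway def1` does to a client's routing table as documented in the OpenVPN manual. The original default route stays in place, 0.0.0.0/1 and 128.0.0.0/1 are added via the VPN gateway, and the server's address is pinned to the old gateway. The client network 10.0.0.0/24, server address 203.0.113.10, VPN gateway 192.168.200.5 and probe addresses are constructed values.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

def apply_redirect_gateway_def1(table, vpn_gw, server_ip, orig_gw):
    """Return the table as it looks after the client applies the pushed option.

    Nothing is deleted: three more-specific routes are added on top.
    """
    return table + [
        (net(f"{server_ip}/32"), orig_gw),  # encrypted packets must not enter the tunnel
        (net("0.0.0.0/1"), vpn_gw),         # lower half of the IPv4 space
        (net("128.0.0.0/1"), vpn_gw),       # upper half of the IPv4 space
    ]

def next_hop(table, dst):
    """Longest-prefix match, the rule the client's IP stack uses to pick a route."""
    dst = ipaddress.ip_address(dst)
    candidates = [(n, gw) for n, gw in table if dst in n]
    return max(candidates, key=lambda c: c[0].prefixlen)[1]

# Constructed sample: a client on a guest network before it connects.
ORIG_GW, VPN_GW, SERVER = "10.0.0.1", "192.168.200.5", "203.0.113.10"
BEFORE = [(net("0.0.0.0/0"), ORIG_GW), (net("10.0.0.0/24"), "on-link")]
AFTER = apply_redirect_gateway_def1(BEFORE, VPN_GW, SERVER, ORIG_GW)

def report(table):
    """Next hop for an internet host in each /1 half, the VPN server, and a local host."""
    probes = ["8.8.8.8", "198.51.100.7", SERVER, "10.0.0.50"]
    return {p: next_hop(table, p) for p in probes}

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, report(table))
```

The last probe is the caveat worth knowing: the client's own /24 still beats the /1 routes, so hosts on the local network are reached directly even with the full tunnel up.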
                nutt318

                Thanks for taking a look, here is everything I thought you may need to look at

                ovpn_client

                client
                dev tun
                proto udp
                remote [mypublicip] 1194
                ping 10
                resolv-retry infinite
                nobind
                persist-key
                persist-tun
                ca ca.crt
                cert ovpn_client1.crt
                key ovpn_client1.key
                ns-cert-type server
                comp-lzo
                pull
                verb 3
                

                pfsense1.jpg
                pfsense2.jpg
                pfsense3.jpg
                pfsense4.jpg

                  nutt318

                  Here are a few more screenshots

                  pfsense5.jpg
                  pfsense6.jpg
                  pfsense7.jpg

                    AhnHEL

                    In your Custom Options, change your DNS Server to look like below

                    push "redirect-gateway def1";push "dhcp-option DNS 192.168.200.1";verb 1;mute-replay-warnings

                    Also, in the Web GUI, go to the Firewall/NAT/Outbound tab and make your settings look like the following screenshot.

                    ![Screen shot 2011-02-24 at 9.10.48 AM.jpg](/public/imported_attachments/1/Screen shot 2011-02-24 at 9.10.48 AM.jpg)

                    AhnHEL (Angel)

                      nutt318

                      Alright, changed custom settings and changed Outbound NAT.

                      Good news, while OpenVPN is connected I can pull up Google by IP. I've also pulled up ipchicken.com through IP and it shows my home IP address.

                      So something with DNS isn't exactly right, any ideas?

                        Cino

                        Hmm, maybe change the 'dhcp-option' to your LAN IP address? Or whatever IP address your pfSense box is.

                          nutt318

                          Looks like that did the trick :)

                          Thanks for all the help guys!

                            Cino

                            Sweet! Good to hear.

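Added example (not from the thread and not pfSense code): a check of the three things the fix in this thread came down to, replayed over the posters' values: a pushed `redirect-gateway`, a pushed DNS server that actually answers, and outbound NAT covering the tunnel pool 192.168.200.0/24. The NAT source lists, and the assumption that the pfSense resolver answers only on a LAN address of 192.168.1.1, are constructed to match what the posters report.

```python
import ipaddress

def pushed_directives(custom_options):
    """Split pfSense 'Custom Options' on ';' and return each push as a token list."""
    pushed = []
    for opt in (o.strip() for o in custom_options.split(";")):
        if opt.startswith("push "):
            tokens = opt[5:].strip().strip('"').split()
            if tokens:
                pushed.append(tokens)
    return pushed

def full_tunnel_findings(custom_options, tunnel_pool, nat_sources, resolver_ips):
    """Return the reasons 'all traffic over the VPN' would not work end to end."""
    pushed = pushed_directives(custom_options)
    pool = ipaddress.ip_network(tunnel_pool)
    findings = []
    if not any(t[0] == "redirect-gateway" for t in pushed):
        findings.append("redirect-gateway not pushed: internet traffic bypasses the tunnel")
    dns = [t[2] for t in pushed if t[:2] == ["dhcp-option", "DNS"] and len(t) == 3]
    if not dns:
        findings.append("no DNS server pushed: clients keep their local resolver")
    listening = {ipaddress.ip_address(r) for r in resolver_ips}
    for ip in dns:
        if ipaddress.ip_address(ip) not in listening:
            findings.append(f"pushed DNS {ip} is not an address the resolver answers on")
    if not any(pool.subnet_of(ipaddress.ip_network(s)) for s in nat_sources):
        findings.append(f"no outbound NAT rule covers {pool}: tunnel clients get no internet")
    return findings

# Constructed replay of the thread's three stages.
POOL, RESOLVER = "192.168.200.0/24", ["192.168.1.1"]  # resolver address is an assumption
STAGES = {
    "first attempt": ('push "redirect-gateway def1"', ["192.168.1.0/24"]),
    "after NAT fix": ('push "redirect-gateway def1";push "dhcp-option DNS 192.168.200.1";'
                      'verb 1;mute-replay-warnings', ["192.168.1.0/24", POOL]),
    "working": ('push "redirect-gateway def1";push "dhcp-option DNS 192.168.1.1";'
                'verb 1;mute-replay-warnings', ["192.168.1.0/24", POOL]),
}

def replay():
    return {name: full_tunnel_findings(opts, POOL, nat, RESOLVER)
            for name, (opts, nat) in STAGES.items()}

if __name__ == "__main__":
    for stage, findings in replay().items():
        print(stage, findings or "ok")
```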