Netgate Discussion Forum

[Solved] Help routing all traffic through PFSense OpenVPN

OpenVPN
openvpn problem nat
  • C
    Crlaozwyn
    last edited by Crlaozwyn Aug 16, 2019, 2:13 AM Aug 15, 2019, 4:29 AM

    My apologies in advance - few things make me feel as stupid as networking. Hardware/software? No sweat. Networking? Black magic. I've spent about ten hours on this between Google, Reddit, these forums, and trying configs. I'm sure I'm missing a simple setting somewhere but I just can't seem to find it.

    I've configured OpenVPN on PFSense and am able to connect through my phone using the OpenVPN app. I can reach internet network resources just fine. I realized today that my IP is still showing as my cell carrier, Starbucks wifi, or whatever. I'd like to route all traffic through the VPN connection. From what I've seen,

    push "redirect-gateway def1"
    

    in the PFSense OpenVPN config is where you start, forcing all traffic through the VPN. Now, there's no internet. Back to Google and it looks like I need outbound NAT rules to be able to access the web. I set these up based on existing WAN rules:
    NAT screenshot

    My local subnet is 192.168.12.0 and I set OpenVPN to 192.168.13.0. There's a WAN rule to forward * source/port to the OpenVPN port. Still no internet access and I couldn't access local resources (EG: router) for about 10 min, at which point it became available again. Any tips on where to look to find my mistake? Thanks in advance.

    • V
      viktor_g Netgate
      last edited by Aug 15, 2019, 12:50 PM

      Check these:

      • force all client-generated IPv4 traffic through the tunnel in OpenVPN server configuration
      • add needed rules to Firewall / Rules / OpenVPN
      • it should work fine with Automatic outbound NAT
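An added example, not part of the thread and not pfSense or OpenVPN code: a small Python model of what `redirect-gateway def1` does to a client's routing table, and of why the tunnel network must be matched by both a pass rule on the OpenVPN tab and outbound NAT before redirected traffic reaches the internet. The two subnets come from the first post; the interface names, the VPN server address and the client's tunnel IP are constructed assumptions.

```python
import ipaddress as ip

def best_route(table, dst):
    """Longest-prefix match: interface of the most specific route covering dst."""
    hits = [(net, dev) for net, dev in table if ip.ip_address(dst) in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def redirect_gateway_def1(table, vpn_server, orig_dev, tun_dev="tun0"):
    """Routes a client adds for def1: the old default route stays in place."""
    return table + [
        (ip.ip_network(f"{vpn_server}/32"), orig_dev),  # encrypted packets stay off the tunnel
        (ip.ip_network("0.0.0.0/1"), tun_dev),          # two /1 routes beat the /0 default
        (ip.ip_network("128.0.0.0/1"), tun_dev),
    ]

def covered(sources, src):
    """True if any rule source network contains src."""
    return any(ip.ip_address(src) in ip.ip_network(s) for s in sources)

def reaches_internet(client_ip, pass_sources, nat_sources):
    """Tunnel traffic needs a pass rule on the OpenVPN tab and an outbound NAT match."""
    return covered(pass_sources, client_ip) and covered(nat_sources, client_ip)

# Constructed client state: Wi-Fi default route, VPN server at a documentation address.
CLIENT = [(ip.ip_network("0.0.0.0/0"), "wlan0"), (ip.ip_network("10.20.30.0/24"), "wlan0")]
VPN_SERVER = "203.0.113.10"                          # constructed
LAN, TUNNEL = "192.168.12.0/24", "192.168.13.0/24"   # subnets from the first post
CLIENT_TUN_IP = "192.168.13.2"                       # constructed address in the tunnel network

if __name__ == "__main__":
    routed = redirect_gateway_def1(CLIENT, VPN_SERVER, "wlan0")
    for dst in ("8.8.8.8", "198.51.100.7", VPN_SERVER):
        print(f"{dst:>15} before={best_route(CLIENT, dst)} after={best_route(routed, dst)}")
    print("NAT covers LAN only:  ", reaches_internet(CLIENT_TUN_IP, [TUNNEL], [LAN]))
    print("NAT covers LAN+tunnel:", reaches_internet(CLIENT_TUN_IP, [TUNNEL], [LAN, TUNNEL]))
```
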
      • C
        Crlaozwyn @viktor_g
        last edited by Aug 15, 2019, 1:15 PM

        @viktor_g thanks, I’ve checked the “route all traffic” box in addition to the push command. I hadn’t seen that mentioned in the articles I read, so I assumed it was redundant. No luck yet. I think your #2 step may be where I’m missing something. Any suggestions on what firewall rules are needed beyond the one I have?

        • V
          viktor_g Netgate @Crlaozwyn
          last edited by Aug 15, 2019, 2:06 PM

          @Crlaozwyn out something like [image not shown]

          • where 172.16.0.0/24 is your IPv4 Tunnel Network from OpenVPN server configuration
            and any extra restrictions on top of rules, if you need it
          • C
            Crlaozwyn
            last edited by Aug 16, 2019, 1:15 AM

            Ah yes, I had it going from * to *. I tried switching the source to my Tunnel Network address but it didn't make a difference.

            • C
              Crlaozwyn
              last edited by Aug 16, 2019, 1:34 AM

              Got it! Thanks so much for your help.

              I've changed a dozen settings in the last couple of days so it's hard for me to say exactly what did it. The last thing I did before it started working was actually to uncheck the box that says "Force all client-generated IPv4 traffic through the tunnel." And now when I go back in, it shows checked again... hmmm.

              In any case, it's working now and I hopefully won't ever have to do any troubleshooting ;) Thank you again for taking the time to help me.
