How do I force all internet through the VPN tunnel?
-
Hello, I have a peer to peer VPN set up in my SG-1100 (Netgate) firewall. I am trying to get it so that all of my network traffic (0.0.0.0/0) goes through the VPN tunnel when connected.
I have tried so many different things, but nothing seems to work.
-
You might want to paste some route info. (Diagnostics | Routes). Sounds like you have to change your default route somehow to go through the OpenVPN tunnel instead of the WAN. What have you tried so far?
-
On your end, you have to assign the tunnel to an interface, which creates a gateway. Then policy route your traffic over the tunnel via firewall rules that leverage the gateway that was created in the first step.
On the remote end, there needs to be a NAT entry for your LAN subnet.
-
@marvosa said in How do I force all internet through the VPN tunnel?:
> On your end, you have to assign the tunnel to an interface, which creates a gateway. Then policy route your traffic over the tunnel via firewall rules that leverage the gateway that was created in the first step.
> On the remote end, there needs to be a NAT entry for your LAN subnet.
Thanks, what side is my side, and what side is the remote side?
Also, how do I do a Policy route?
-
Well, the topic is "How do I force all internet through the VPN tunnel?", so my assumption is you want internet traffic on your LAN forced thru a VPN tunnel, correct? If so, your end is the local end and the network behind the VPN is the remote (or far) end.
> how do I do a Policy route?
- Assign the VPN to an interface.
- On the LAN tab, create a firewall rule (above your LAN net/any rule) that has:
  a. Protocol = any
  b. Source = specify your LAN subnet or choose "
  c. Destination = any
  d. Gateway = The gateway IP created from assigning the VPN to an interface (This is done by expanding the "Advanced Options" section)
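-
Why the rule in the steps above has to sit above the default LAN rule and use Protocol = any, as an added example that is not part of the original posts: a simplified Python model of top-down, first-match rule evaluation on the LAN tab. The subnet, gateway names and rule lists are constructed for illustration.

```python
# Added example: simplified model of top-down, first-match rule evaluation.
# Subnet, gateway names and rules are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

DEFAULT_GW = "WAN_DEFAULT"  # hypothetical label for the routing table's default route
VPN_GW = "VPN_GW"           # hypothetical name of the gateway on the assigned VPN interface
LAN = "192.168.1.0/24"      # constructed LAN subnet

@dataclass
class Rule:
    descr: str
    proto: str                     # "any", "tcp", "udp", "icmp"
    source: str                    # source network in CIDR form
    gateway: Optional[str] = None  # None = no policy routing, follow the routing table

def egress_gateway(rules, src, proto):
    """Gateway picked by the first matching pass rule; None if nothing matches (blocked)."""
    for rule in rules:
        if rule.proto in ("any", proto) and ip_address(src) in ip_network(rule.source):
            return rule.gateway or DEFAULT_GW
    return None

def leaking_flows(rules, hosts, vpn_gw=VPN_GW, protos=("tcp", "udp", "icmp")):
    """(host, proto) pairs that are passed but leave by something other than the VPN gateway."""
    return [(h, p) for h in hosts for p in protos
            if egress_gateway(rules, h, p) not in (None, vpn_gw)]

allow_any = Rule("Default allow LAN to any", "any", LAN)
policy = Rule("LAN to any via VPN", "any", LAN, VPN_GW)
tcp_only = Rule("LAN TCP via VPN", "tcp", LAN, VPN_GW)

RULESETS = {
    "policy rule above default rule": [policy, allow_any],
    "policy rule below default rule": [allow_any, policy],
    "policy rule limited to TCP": [tcp_only, allow_any],
}

if __name__ == "__main__":
    for name, rules in RULESETS.items():
        print(f"{name}: leaks = {leaking_flows(rules, ['192.168.1.10'])}")
```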