Netgate Discussion Forum

    Open VPN Internet access

      jgomez123

      Hi,
      I have a VPN with OpenVPN on my firewall so that the workers can connect remotely from home, but they cannot surf the Internet.

      I have tried creating permission rules to destination ports 80, 443, 53 without success. The only thing I have achieved is to create a destination rule to port 3389 so that they connect by RDP to their office computer and can now navigate correctly.

      Could they browse without being connected to their computer by RDP? Only to the VPN.

      IP ranges:

      • OpenVPN: 10.2.3.0/24
      • Office: 172.16.0.0/24

      Thank you.

        JKnott @jgomez123

        @jgomez123

        Have you set up routing to allow the Internet access? When you set up the client export, there's an Advanced box, where you configure the route that gets pushed to the client.

        Here's what I have:

        push "route 0.0.0.0 0.0.0.0";push "route-ipv6 ::/0"

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

          viragomann @jgomez123

          @jgomez123
          What do you intend to achieve exactly?
          Do you want to route the clients' whole Internet traffic over the VPN or only provide access to the local networks?

            jgomez123 @viragomann

            @viragomann

            I want that, when they connect to the VPN, they can surf the Internet and all traffic goes through the VPN, so that it can be restricted with the rules of the firewall.

            Is this possible?

              viragomann

              Yes. So check "Redirect gateway" in the server settings to push the default route to the clients and provide a DNS server.

              Additionally you have to add an outbound NAT rule for the VPN clients. Firewall > NAT > Outbound. Select the hybrid mode and hit save if you have the automatic mode now.
              Then add a new rule:
              interface: WAN
              source: <OpenVPN tunnel network>
              destination: any
              translation: interface address

              1 Reply Last reply Reply Quote 0
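
An added example, not part of the thread and not pfSense's own code: a Python check that reads an OpenVPN server config and pf-style NAT rules and reports which of the settings named in the last reply (pushed default route, pushed DNS server, outbound NAT for the tunnel network on WAN) are missing. The interface name `em0`, the DNS address 172.16.0.1 and the sample config and rule lines are constructed assumptions; only the two IP ranges come from the thread.

```python
import ipaddress
import re

# Constructed sample inputs; only the 10.2.3.0/24 and 172.16.0.0/24 ranges come from the thread.
SERVER_CONF = '''\
server 10.2.3.0 255.255.255.0
push "route 172.16.0.0 255.255.255.0"
'''
NAT_RULES = "nat on em0 inet from 172.16.0.0/24 to any -> (em0)\n"

# The same inputs after applying the settings from the last reply (DNS address is assumed).
FIXED_CONF = SERVER_CONF + 'push "redirect-gateway def1"\npush "dhcp-option DNS 172.16.0.1"\n'
FIXED_NAT = NAT_RULES + "nat on em0 inet from 10.2.3.0/24 to any -> (em0)\n"


def tunnel_network(conf):
    """Tunnel network from the OpenVPN 'server <net> <mask>' directive."""
    m = re.search(r'^\s*server\s+(\S+)\s+(\S+)', conf, re.M)
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}") if m else None


def nat_covers(nat_rules, wan_if, net):
    """True if a 'nat on <wan_if> ... from <src> to any' line covers net."""
    pat = re.compile(rf'^\s*nat on {re.escape(wan_if)}\s.*\bfrom\s+(\S+)\s+to\s+any\b', re.M)
    for src in pat.findall(nat_rules):
        try:
            if src == "any" or net.subnet_of(ipaddress.ip_network(src, strict=False)):
                return True
        except (ValueError, TypeError):  # alias/table name, or other address family
            continue
    return False


def full_tunnel_gaps(conf, nat_rules, wan_if):
    """Return which of the settings named in the last reply are missing."""
    opts = [o.split() for o in re.findall(r'^\s*push\s+"([^"]+)"', conf, re.M)]
    gaps = []
    if not any(o[:1] == ["redirect-gateway"] or o[:3] == ["route", "0.0.0.0", "0.0.0.0"] for o in opts):
        gaps.append("default route not pushed")
    if not any(o[:2] == ["dhcp-option", "DNS"] for o in opts):
        gaps.append("no DNS server pushed")
    net = tunnel_network(conf)
    if net is None or not nat_covers(nat_rules, wan_if, net):
        gaps.append("no outbound NAT for tunnel network on WAN")
    return gaps


if __name__ == "__main__":
    print(full_tunnel_gaps(SERVER_CONF, NAT_RULES, "em0"))
    print(full_tunnel_gaps(FIXED_CONF, FIXED_NAT, "em0"))
```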