Netgate Discussion Forum

    remote client & Web traffic

    OpenVPN
    16 Posts 3 Posters 1.4k Views
      sasa1 @sasa1

      @sasa1 I use Openswan.
      Thanks.

        sasa1 @viragomann

        @viragomann said in remote client & Web traffic:

        Openswan? Where? On a host inside your network?
        What has this to do with OpenVPN?

        Hi, I would like the remote host that connects via VPN to an Openswan server to be able to access the Internet by presenting itself with the public IP of pfSense and not that of its network.
        In practice, after the host has connected to the VPN, access to the web occurs through pfSense.
        Sorry if I didn't write my goal clearly before.
        Thanks.

          viragomann @sasa1

          @sasa1
          Still not clear which part of your setup is related to OpenVPN.

            sasa1 @viragomann

            @viragomann I refer to Openswan because the remote host connects via VPN through an Openswan server.
            After the remote host has made the VPN connection, if the user types in the browser:
            www.microsoft.com
            I would like this request to be forwarded to the pfSense server (where the Openswan server is located).
            In practice, the remote host always uses the pfSense gateway as the default gateway for any request and not the local one on his PC.
            Thanks.

              jpvonhemel @sasa1

              @sasa1 Sounds like you want split tunneling, but the web traffic you want originating from the remote host would not go through the VPN; it would bypass it and travel out the remote host's WAN gateway. Are you using an OpenVPN server? This was posted in the OpenVPN forum of pfSense.

                viragomann @sasa1

                @sasa1
                So obviously there is no OpenVPN in play. Hence this topic should be posted in the routing section.

                If I understood it correctly, you have an Openswan server behind pfSense, and a remote client which is connecting to it should direct its whole upstream traffic over the VPN and out through the pfSense WAN interface.

                So you have to configure the Openswan server or client so that the client routes its upstream traffic over the VPN. In OpenVPN this can be done by checking "redirect gateway", but I cannot help with Openswan.

                On pfSense you have to add a static route for the client's (virtual) IP pointing to the Openswan server.
                Additionally you have to switch the outbound NAT into hybrid mode and add a rule for the client's IP to WAN.

                  sasa1 @viragomann

                  @viragomann The static route must be added in System -> Routing -> Gateways?
                  The other two steps are clear to me.
                  Thanks.

                    viragomann @sasa1

                    @sasa1
                    Yes. First add the Openswan server as a gateway, then go to the static routes tab and add a static route for the tunnel network and select the Openswan server from the gateway drop-down.

                      sasa1 @viragomann

                      @viragomann When you refer to "Openswan server as gateway", do you mean pfSense's private IP or public IP?
                      When I create the static route, in the "Destination network" field I have to indicate the network:
                      0.0.0.0

                      Thanks.

                        viragomann @sasa1

                        @sasa1
                        I'm talking about an Openswan server behind pfSense, as I already stated above. Hence I mean its internal IP.
                        I requested your setup details several times. Since you won't provide details, I'm relying on assumptions.

                          sasa1 @viragomann

                          @viragomann Sorry, but I thought I had provided the necessary details. I'll try to better explain my network topology.
                          I have pfSense with WAN and LAN interfaces, an OpenVPN server and a remote host that connects via VPN through an OpenVPN client.
                          My goal is that the remote host can access web pages using the gateway configured on pfSense so that it can present itself on the web with the public IP address assigned to the pfSense WAN.

                            viragomann @sasa1

                            @sasa1
                            So there is no Openswan in use yet??? Holy crap!
                            Only OpenVPN on pfSense itself. We were talking about Openswan all the time. Since this would not run on pfSense, I was assuming it runs on a separate server.
                            😖

                              sasa1 @viragomann

                              @viragomann Sorry, it was a lapsus; I only use OpenVPN installed inside pfSense.

                              Are the same steps you indicated in the previous post valid for the configuration?
                              Thanks, and sorry again for the inattention.

                                viragomann @sasa1

                                @sasa1
                                When you are running OpenVPN on pfSense itself, you only have to check "Redirect gateway" in the OpenVPN server settings and add an outbound NAT rule to WAN for the VPN tunnel network.
                                You have to switch the outbound NAT into hybrid mode and save it. Then add a rule:
                                interface: WAN
                                source: <OpenVPN tunnel network>

                                All other options may stay at their default values. Save it.

                                1 Reply Last reply Reply Quote 1
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.