@joaobarbi said in Setup OpenVPN to redirect all traffic directly to WAN:

Now, instead of routing traffic through the enterprise network, I want to use the VPN to redirect traffic directly to the WAN, bypassing the enterprise's internal network

Which path though the internal network does the traffic actually take now?

If you run an OpenVPN server on your firewall, routing all clients upstream traffic over it (for whatever reason..), the packets come in on the VPN interface and go out on WAN.
I cannot think of any shorter path.

Solved!
Followed a lot of rabbit holes down until I found these:
https://serverfault.com/questions/1064935/openvpn-server-connexion-ok-but-no-access-to-remote-lan

which lead to:
https://openvpn.net/community-resources/how-to/#expanding-the-scope-of-the-vpn-to-include-additional-machines-on-either-the-client-or-server-subnet

Main take away was that I needed to add

push "route [Local LAN subnet] 255.255.255.0"

to the advanced configuration on the server setup.
Still reading a bit more to understand how this worked, but I'm able to ping my local machine as well as remote into it.

Happy days.

Your OpenVPN should be listing on a WAN type interface.

So it is ... but after a few hours I discovered that pfsense had lost this setting. Set it to "Any", set it back to "WAN" and the problem was solved.

Why would you want do that ?

Virtual Private Networks — OpenVPN — Assigning OpenVPN Interfaces | pfSense Documentation

@nick-loenders
Anyway, if you have sequenced subnets like these you can embrace them in the p2 using an appropriate mask. But with a local LAN of 10.0.1.0/24 you run into risk of overlapping.

So if the LAN here is 10.0.1.0/24 you could only merge tunnel 2 and 3 by stating 10.0.2.0/23 as the remote network.

If you have control over all involved site you should consider this when designing the networks.

@viragomann Thanks for the reply! I have checked this box, however when I do reload the tunnel (momentarily dropping it) traffic does route to the other network card, so it must not be blocking it

Yes Sir!

Many thanks for the speedy response.

Kind regards,
jB 😎

@gertjan Thanks!

Issue resolved by contacting support for the new version.

In fact, I have to provide as best practice, but makes sense, all details about : what I would like to do, where I am, what is the configuration, so I have prepare a message in French with all of things and all pictures of the current configuration .... I think I have around 8 / 10 Pictures, and also pictures of PfSense Interfaces are in French 😁 and several hours to write it with some links to existing messages (I performed some search), but without success. I miss something.
But you are right, I am pretty sure that the answer is in existing messages, I will perform a new lookup on this section you provided.
It's very sample but I never do it and like everybody I want the solution without effort and fast also ...
I will check also .... if there is a how to section.
Thanks again.

@huydra I should had TL;DRed the thread... 😆 Got bumped up.