Creating a Policy Route to Send All Traffic from Host Through OpenVPN



  • Hi
    I followed this tutorial: https://www.infotechwerx.com/blog/Creating-Policy-Route-to-Send-All-Traffic-Host-Through-OpenVPN

    I can connect the OpenVPN client instance, but then I am stuck. I want a single PC on the LAN to use this VPN service. Can anyone explain in easy English?
    My pfSense version is 2.3.4 Release.



  • If you've done all the steps as described in the mentioned tutorial, it should work.

    What's your concrete problem? Do you get any internet connection on the particular PC? Is the PC going out to the WAN gateway?

    Post your firewall rules and outbound NAT settings.



  • The LAN PC does not get a VPN IP, and the PC is going out the WAN gateway.

    ![lan rules.jpg](/public/imported_attachments/1/lan rules.jpg)





  • You forgot to move the policy routing rule to the top of the LAN rule set, underneath the anti-lockout rule.

    To get the gateway shown as online, you will need an additional outbound NAT rule on the VPN interface for source = 127.0.0.0/8. However, LAN access should also work without this.



  • Thanks. I did it. Maybe the free OpenVPN has no speed.
    Another question: does the LAN PC's IP change to the VPN subnet or not?
    My LAN IP is 192.168.1.17. It is not changed.






  • @shetu:

    Another question: does the LAN PC's IP change to the VPN subnet or not?
    My LAN IP is 192.168.1.17. It is not changed.

    You mean the PC's IP? That should be static and is not changed inside the LAN network.
    The outbound NAT rule you've added translates the address when packets go out the VPN interface. On the VPN server it is translated once more to the server's public IP.

    In the LAN rule you have permitted only the TCP protocol. Change this to TCP/UDP and configure the PC to use a public DNS server to avoid DNS leaks. DNS also requires UDP.
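
The rule-order and TCP-only points from the replies above, as an added example that is not part of the thread: a small Python model of top-down, first-match evaluation on the LAN rule tab. The rule names, the gateway name `VPN_GW` and the presence of a default allow rule for the LAN subnet are assumptions, since the posted screenshot is not available here.

```python
from ipaddress import ip_address, ip_network

def rule(name, protos, src, gateway):
    # gateway=None means "no policy route": the packet follows the default
    # routing table, which in this thread is the WAN gateway.
    return {"name": name, "protos": set(protos),
            "src": ip_network(src), "gateway": gateway}

# Constructed rules (hypothetical names). The anti-lockout rule is left out
# because it only matches traffic to the firewall's own management ports.
DEFAULT_ALLOW = rule("default allow LAN to any", ["tcp", "udp", "icmp"],
                     "192.168.1.0/24", None)
POLICY_TCP = rule("host via VPN, TCP only", ["tcp"],
                  "192.168.1.17/32", "VPN_GW")
POLICY_TCP_UDP = rule("host via VPN, TCP/UDP", ["tcp", "udp"],
                      "192.168.1.17/32", "VPN_GW")

def egress(ruleset, proto, src):
    """Gateway picked by the first matching rule, 'WAN' when that rule sets
    no gateway, 'BLOCK' when nothing matches (implicit default deny)."""
    for r in ruleset:
        if proto in r["protos"] and ip_address(src) in r["src"]:
            return r["gateway"] or "WAN"
    return "BLOCK"

HOST = "192.168.1.17"  # the LAN PC from the thread
RULESETS = {
    "policy rule below default allow": [DEFAULT_ALLOW, POLICY_TCP],
    "policy rule on top, TCP only": [POLICY_TCP, DEFAULT_ALLOW],
    "policy rule on top, TCP/UDP": [POLICY_TCP_UDP, DEFAULT_ALLOW],
}

def report(src=HOST):
    # tcp stands for web traffic, udp for DNS queries to a public resolver
    return {label: {p: egress(rs, p, src) for p in ("tcp", "udp")}
            for label, rs in RULESETS.items()}

if __name__ == "__main__":
    for label, result in report().items():
        print(f"{label}: {result}")
```

In the middle rule set, TCP leaves through the VPN while UDP (and with it DNS) still falls through to the default allow rule and exits via WAN, which is the DNS leak the last reply warns about.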

