Netgate Discussion Forum

    "Force all client generated traffic through the tunnel" IPv4+IPv6, single client

      SaAtomic

      Hello.

      I'm trying to force all client generated IPv4 and IPv6 traffic through the OpenVPN tunnel, so through pfSense.

      The option "Force all client generated traffic through the tunnel" enables this for all clients, yet I only want this to be enabled for specific clients.

      I've tried to edit the client configuration and add the following lines there:

      redirect-gateway def1
      route-ipv6 2000::/3
      

      I assumed that this should add the necessary routes on the client, to forcefully redirect ALL traffic through the VPN.
      Both the server and the client have IPv4 and IPv6 addresses.

      With the setup previously mentioned, IPv6 was NOT redirected through the tunnel and IPv4 appeared to be redirected but connections were not successful.

      Do I have to alter routing tables on my pfSense as well?
      What exactly does the "Force all client generated traffic through the tunnel" option configure on pfSense to make this work?

      Help is greatly appreciated.

        SaAtomic

        I've tried various approaches of OpenVPN guides, yet none appears to be working in this situation.
        Assumingly because I lack some routing rules on the pfSense box, but I'm not sure what the "Force all client generated traffic through the tunnel" option effectively changes on the server.

          Jackish

          @SaAtomic:

          I've tried various approaches of OpenVPN guides, yet none appears to be working in this situation.
          Assumingly because I lack some routing rules on the pfSense box, but I'm not sure what the "Force all client generated traffic through the tunnel" option effectively changes on the server.

          As far as I know, "Force all client generated traffic through the tunnel" changes nothing on the pfSense side; it only pushes the default gateway directive to the clients.

            SaAtomic

            @Jackish:

            As far as I know, "Force all client generated traffic through the tunnel" changes nothing on the pfSense side; it only pushes the default gateway directive to the clients.

            Interesting! Thank you very much for that hint.

            I guess I will have to set up some virtual machines and reproduce my setup to see what would change for me if I enable the option. I cannot do this with my current physical setup.

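An added example, not part of the thread and not pfSense or OpenVPN code: a Python check that reads an OpenVPN client config, such as the two lines in the first post, and reports per address family whether the file itself requests full-tunnel routing, so a split-tunnel gap (for example IPv6 left outside the VPN) is visible before deployment. It inspects only `redirect-gateway`, `route` and `route-ipv6` in the file; it does not see options pushed by the server and does not confirm which routes the client actually installed. The function names and the second sample config are assumptions made for this example.

```python
import ipaddress

V4_ALL = ipaddress.ip_network("0.0.0.0/0")
V6_GLOBAL = ipaddress.ip_network("2000::/3")  # global unicast, the prefix used in the first post

def _covers(routes, target):
    """True if the merged routes contain the whole target prefix."""
    return any(target.subnet_of(n) for n in ipaddress.collapse_addresses(routes))

def tunnel_coverage(config_text):
    """Per address family: does this client config ask for all traffic to enter the tunnel?"""
    v4_routes, v6_routes, flags = [], [], set()
    seen_redirect = False
    for raw in config_text.splitlines():
        tokens = raw.split("#")[0].split(";")[0].split()  # drop comments
        if not tokens:
            continue
        name, args = tokens[0], tokens[1:]
        try:
            if name == "redirect-gateway":
                seen_redirect = True
                flags |= set(args)  # flags from repeated lines accumulate
            elif name == "route-ipv6" and args:
                v6_routes.append(ipaddress.IPv6Network(args[0], strict=False))
            elif name == "route" and args:
                mask = args[1] if len(args) > 1 else "255.255.255.255"
                v4_routes.append(ipaddress.IPv4Network(f"{args[0]}/{mask}", strict=False))
        except ValueError:
            continue  # hostname or keyword instead of a literal prefix: cannot be evaluated
    # OpenVPN 2.4+ flags: "ipv6" also redirects IPv6, "!ipv4" skips the IPv4 redirect.
    return {
        "ipv4": (seen_redirect and "!ipv4" not in flags) or _covers(v4_routes, V4_ALL),
        "ipv6": (seen_redirect and "ipv6" in flags) or _covers(v6_routes, V6_GLOBAL),
    }

# Client lines quoted in the first post.
POSTED = "redirect-gateway def1\nroute-ipv6 2000::/3\n"
# Constructed sample: IPv4 redirected, IPv6 only partly routed (half of 2000::/3 missing).
PARTIAL_V6 = "redirect-gateway def1\nroute-ipv6 2000::/4\n"

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("partial-v6", PARTIAL_V6)):
        print(label, tunnel_coverage(cfg))
```
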