Routing SOME IPs or Subnets through OpenVPN

kolpinkb

Unfortunately, the thread at…

https://forum.pfsense.org/index.php?topic=72902.msg397636#msg397636

...was locked by a moderator.

I followed this guide...

https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_OpenVPN-connection_in_PfSense_2.1

...except I made the following modifications:

1. Don't add "redirect-gateway def1" to site A.
2. Delete the two Outbound NAT entries on Site A for Site A's Subnet you want to send through the VPN.  Don't add a new Outbound NAT rule to Site A.  Site B is taking care of NAT.
3. Just change the gateway in the firewall rules tab on Site A for the subnet you want to route through the VPN.
4. Add Site B's OpenVPN tunnel endpoint IP to Site A's DHCP server DNS option.
5. Disable gateway monitoring action for the VPN on site A (when the OpenVPN daemon goes down on site A all internet traffic (going through the VPN and not) ceases otherwise.

These features will prevent any traffic going out Site A's WAN if the OpenVPN instance goes down.

Booch

Post your NAT table and LAN firewall rules.  You probably have a setting wrong.