OpenVPN Routing/Firewall

    I have a system with several isolation VLANs (Main Network, Security Cameras, Media Player, etc.) and an alternate gateway that routes traffic through a VPN provider. I can connect to the VPN from my Android, but I can't access any of the other sub-networks or route traffic out the alternate VPN gateway.

    Can someone please provide some guidance as to how to access IP ranges inside the network and/or route traffic out a specific gateway once the OpenVPN server is connected? I know how to accomplish this with the local network/ethernet, but I'm having trouble making the connection with the VPN server.

    The OpenVPN server interface seems to be behaving very differently from the other interfaces. The wizard created a rule ANY/ANY/ANY, which should let just about anything go wherever it wants to go, but that's not happening. What am I missing?

    Any suggestions/assistance is much appreciated.

    A note to the documentation team: [Not a rant/complaint, but a suggestion meant to be helpful to the community as to what is missing and should eliminate a lot of frustration and forum traffic.]

    From what I can see there are a lot of people, myself included, having trouble with OpenVPN Routing/Firewall (3 of the first 10 posts when I started composing this post are essentially all routing/firewall issues):

    Diagnosing OpenVPN Server Connection Issue Running Through PIA Client
    Site2Site push route 
    Can not access hosts outside of DHCP range through tunnel network

    I have a pfSense Gold membership, and the book doesn't provide help except as a memory aid for someone who "knows" but just doesn't remember the details. There are details, but no "big picture"/context and how to "connect the pieces".

    For me, and I suspect others, having a block diagram or other "model" to understand how all the pieces go together would save hours.

    Maybe a suggestion for a hangout, "pfSense first principles", possibly working through some common advanced home/small business scenarios.

    For example, start with a basic system (WAN/LAN) with DHCP, DNS, NTP:
    -break it up into VLANs (say for main network, media, cameras [no internet access], voip)
    -add a VPN client to a VPN provider and route the main network and media out the VPN (maybe with exclusions for Netflix) and voip out the WAN.
    -add a remote access VPN server to

    • access only the cameras
    • access media and route traffic out
        - VPN or the
        - WAN

    The details of setting up the individual components (VPN, DHCP, DNS, etc.) seem to be well covered… It's how they all connect that's important.
    If the community thinks something like this is a good idea, speak up and maybe it will happen.