Open VPN routing Internet thought tunnel

  • i have Set Up Open VPN on Pfsense successfully.

    I can connect from home to the office successfully and also my internet traffic is routed from the VPN tunnel. (External IP on the browser is my office static IP)
    On a client the other day I had successfully connected with my VPN to the office but the Internet traffic was not routing through my VPN tunnel.
    Probably the client internal network was configured as not to allow my internet traffic to route through my VPN?
    I just need to know how this works and what is controlling the routing of internet traffic. Or if I can prevent this from happening as if am connected with OPENVPN to PFSence my Internet traffic to always be routed from the VPN tunnel.
    Hope I was clear.

  • If you check the "Redirect gateway" option in the server settings the server pushes the default route to the client (connections to any IP which is not part of the clients network), when the connection is established. The vpn client software must accept the route and must have permissions to change routes on the client computer.
    In the clients routing table you will find 2 entries for that:
    Both pointing to the VPN servers tunnel IP address.

    So maybe if the route is not set on the client, the client software is missing proper permissions.
    The clients vpn log will give more information about what's happening.

  • Redirect Gateway: is set to Force all client generated traffic through the tunnel.

    The user when he goes home the traffic is "correctly" redirected through the tunnel
    The user when he is at a client side the traffic does not redirect through the tunnel.
    (OpenVPN is on his laptop)

    What i was wondering is why does it get redirected in his home network and why it does not get redirected at another location.

    I do understand that it way have to do with network traffic policy’s that exist within the clients network but I just needed a more detailed view on the issue.

    Thanks for the previous reply.

Log in to reply