  • I am trying to route some traffic through pia's VPN based on ports or client ip, but it doesn't work.

    I have first verified that the connection does work if I don't fiddle with it (everything gets routed through the vpn).
    But then I checked the option to disallow server-side route addition (route-no-pull, then I found the checkbox), and have since been able to selectively route any traffic over.
    I checked out a few guides, and did basically the same advice a few times over.
    1. Add outbound NAT rules in hybrid NAT mode.
    2. Add firewall rules that specify source (I used an alias) and gateway (which I added for the VPN).

    So I tried to ping from the specified client, and found that while I could reach the virtual ip I was assigned (10.xx.xx.xx), I could not reach the remote ip (the external ip of the pia server).

    Advice and help is appreciated.

    Edit: I should also add that I first started the other way around, without adding route-no-pull, and was unable to redirect traffic back to the regular wan gateway either.

  • Going to leave a reply here since I figured it out.

    Turns out layer 3 routing doesn't work with a switch.
    Which, in retrospect, obviously it doesn't: switches are layer 2.
    I had previously followed a guide that had me set up an interface group consisting of a few nics I have on the pfsense box.
    And the guide had me set up an allow all rule on the interface group.

    And any rules I placed on the interface group don't actually redirect packets to the gateway according to source.
    It just doesn't work.

    But as it turns out, I didn't actually need the allow all rule on the interface group anyway.
    I deleted the rule on the interface group, and then everything worked as it should on lan0.
    Again, this should have been obvious in retrospect because the lan0 firewall rule never had any states, but the interface group rule had all the states.

    Hope this helps someone else.
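    For anyone landing here with the same symptom, an added illustration (not the poster's configuration, and not pfSense's own generated ruleset) of what the two setups in this thread look like as pf rules. pfSense evaluates floating rules first, then interface-group rules, then the per-interface tab rules, and the first matching `quick` rule creates the state. The interface names (lan0, ovpnc1, lan_group), the tunnel gateway 10.0.0.1 and the client addresses below are assumed placeholders.

    ```pf
    # Added example, not the poster's ruleset. Interface names, the VPN
    # gateway address and the client list are assumed placeholders.
    lan_if = "lan0"
    vpn_if = "ovpnc1"          # OpenVPN client interface to the VPN provider (assumed)
    vpn_gw = "10.0.0.1"        # assumed gateway address on the tunnel
    table <vpn_clients> { 192.168.1.50, 192.168.1.51 }   # constructed sample clients

    # Outbound NAT (what "hybrid" mode adds next to the automatic WAN rules):
    # policy-routed clients are translated to the tunnel address so replies
    # come back through the tunnel instead of being dropped by the provider.
    nat on $vpn_if inet from <vpn_clients> to any -> ($vpn_if)

    # --- The broken arrangement: an "allow all" rule on the interface group ---
    # Interface-group rules are evaluated before per-interface rules, so this
    # rule matches every packet from lan0 first and owns the state. The
    # route-to rule further down is never evaluated for that traffic, which is
    # why all states showed up on the group rule and none on lan0.
    pass in quick on lan_group inet from any to any

    # --- The per-interface rule that actually policy-routes ---
    # route-to hands matching packets to the tunnel gateway instead of the
    # default route; the plain pass rule after it keeps other clients on WAN.
    pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet from <vpn_clients> to any
    pass in quick on $lan_if inet from any to any

    # Fix used in this thread: delete the group rule. The per-interface pass
    # rule still allows lan0 traffic, and the route-to rule is now reached.
    ```

    To confirm which rule is winning without guessing, `pfctl -vvsr` prints every loaded rule with its Evaluations and States counters; a group rule with all the states and a lan0 rule with zero is the same evidence the poster read off the GUI's state counts.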

