Routing of OpenVPN to specific IP LAN addresses



  • I have set up an OpenVPN interface and gateway to StrongVPN using these instructions (http://swimminginthought.com/pfsense-routing-traffic-strongvpn-openvpn/), and it seems to work.

    However, I need only certain assets in the LAN to be routed through the StrongVPN gateways, whereas most others should go through the conventional LAN gateway. Note that the DHCP services in my LAN are not provided by the pfSense router, but instead by a Windows Server.

    Might you be so kind and explain to me which rules do I need to set up in order to make sure that asset with IP 10.10.0.1 routes through the WAN whereas 10.10.0.1 routes through OpenVPN? Many thanks in advance!



  • @aagaag:

    which rules do I need to set up in order to make sure that asset with IP 10.10.0.1 routes through the WAN whereas 10.10.0.1 routes through OpenVPN?

    ???

    That tutorial seems to be very old above all (pfSense 1.2.x?)

    Don't set an allow any rule on the OpenVPN interface as described in the tutorial if you have no special reason to allow incoming traffic from VPN!

    Remove the redirect gateway option and check "Don't pull routes" in the client settings.
    Add an alias to pfSense in Firewall > Aliases > IP and add all IPs to it you want to direct over the VPN.
    Add a firewall rule to the LAN interface, or whichever one the VPN devices are attached to, allowing outgoing access; open the advanced options, go down to Gateway and select the OpenVPN gateway.
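
Added example, not part of the thread and not pfSense code: a small Python model of how the LAN rules from the steps above pick an egress gateway, relying on the fact that pfSense interface rules are evaluated top-down with the first match winning. The alias name `VPN_HOSTS`, the gateway name `STRONGVPN_VPNV4`, the /24 LAN subnet and all host addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample data: alias name, gateway name and addresses are assumptions.
ALIASES = {"VPN_HOSTS": ["10.10.0.20", "10.10.0.21", "10.10.0.32/29"]}
LAN_NET = "10.10.0.0/24"

# LAN rules in the order they appear on the interface tab (top first).
# gateway=None means "use the system routing table" (the normal WAN default).
LAN_RULES = [
    {"action": "pass", "source": "VPN_HOSTS", "gateway": "STRONGVPN_VPNV4"},
    {"action": "pass", "source": LAN_NET, "gateway": None},
]

def expand(source):
    """Resolve an alias name or a literal into a list of ip_network objects."""
    entries = ALIASES.get(source, [source])
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def egress_for(src_ip, rules):
    """Return (action, gateway) of the first rule whose source matches src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if any(addr in net for net in expand(rule["source"])):
            return rule["action"], rule["gateway"] or "default (WAN)"
    return "block", None  # no rule matched: implicit default deny

def shadowed_rules(rules):
    """Indexes of rules fully covered by earlier rules, so they never match."""
    shadowed = []
    for i, rule in enumerate(rules):
        nets = expand(rule["source"])
        earlier = [n for r in rules[:i] for n in expand(r["source"])]
        if all(any(n.subnet_of(e) for e in earlier) for n in nets):
            shadowed.append(i)
    return shadowed

if __name__ == "__main__":
    for ip in ("10.10.0.20", "10.10.0.35", "10.10.0.99", "192.168.1.5"):
        print(ip, "->", egress_for(ip, LAN_RULES))
    # Reversing the order puts the broad LAN rule first and hides the VPN rule.
    print("shadowed if reversed:", shadowed_rules(LAN_RULES[::-1]))
```

If the broad LAN pass rule sits above the alias rule, hosts in the alias silently leave through the WAN, which is the ordering mistake `shadowed_rules` flags.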

