4. OpenVPN Site-to-Site as default for one Subnet-Interface

OpenVPN Site-to-Site as default for one Subnet-Interface

  • Y

    Hello,

    i have 2 pfsense wich are connected via a Site-to-site Openvpn network. The connection works between both sides.

    But i want to force one local network (opt1) to use the other sides WAN to access the internet.

    So this is the wanted route for any traffic:

    PC > opt1-L > pfsense-L -------vpn------- pfsense-R > Internet

    I tried to setup a Rule for opt1-L like:
    from: Any
    to: Any
    (Advanced) force Gateway: OpenVPN-Gateway
    Set the rules on the pfsense-R side to allow all traffic from ANY to ANY on pfsense-R (VPN&Network)

    The OpenVPN-Server is pfsense-R
    The traffic from LAN must still be routed via the local WAN of pfsense-L

    Does anyone has a suggestion for this setup?

    0
  • V

    • "OpenVPN-GW" is handled as a gateway group including all OpenVPN instances (servers and clients) on pfSesne. So if you running multiple OpenVPN instances on L assign an interface to the concerned one and use the gateway of it for policy routing.
    • On pfSense R add an outbound NAT rule to the WAN interface for the source network opt1, translating source addresses to the WAN address.
    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy