4. OpenVPN Site-to-Site as default for one Subnet-Interface

OpenVPN Site-to-Site as default for one Subnet-Interface

  • Y

    Hello,

    i have 2 pfsense wich are connected via a Site-to-site Openvpn network. The connection works between both sides.

    But i want to force one local network (opt1) to use the other sides WAN to access the internet.

    So this is the wanted route for any traffic:

    PC > opt1-L > pfsense-L -------vpn------- pfsense-R > Internet

    I tried to setup a Rule for opt1-L like:
    from: Any
    to: Any
    (Advanced) force Gateway: OpenVPN-Gateway
    Set the rules on the pfsense-R side to allow all traffic from ANY to ANY on pfsense-R (VPN&Network)

    The OpenVPN-Server is pfsense-R
    The traffic from LAN must still be routed via the local WAN of pfsense-L

    Does anyone has a suggestion for this setup?

    0
  • V

    • "OpenVPN-GW" is handled as a gateway group including all OpenVPN instances (servers and clients) on pfSesne. So if you running multiple OpenVPN instances on L assign an interface to the concerned one and use the gateway of it for policy routing.
    • On pfSense R add an outbound NAT rule to the WAN interface for the source network opt1, translating source addresses to the WAN address.
    0
 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy