4. Can I use gateway groups to add an OpenVPN Client?

Can I use gateway groups to add an OpenVPN Client?

  • S

    I'm a home user looking for an easy button with a VPN client. In certain scenarios I would like to route all of my traffic through a VPN client. I have tried multiple OpenVPN Client guides and I can't get any of them to work. So I started thinking about dropping the interface in a Gateway Group in a multiwan configuration and enable/disable the interface or OpenVPN Client as needed. Will this work how I think it could work? Is there a gotcha I might want to avoid?

    0
  • V

    Just add an additional LAN rule to direct the traffic to the vpn gateway to the top of the rule set.
    FW rules can be enabled or disabled by two clicks.

    0
  • S

    Are you talking about a NAT rule? Can you explain a bit more so I can give it a try? I like the "two clicks" simplicity because that's exactly what I'm looking for. When I have tried adding NAT rules per the guides it appears inbound traffic isn't making it to my OpenVPN Client interface.

    0
  • V

    No, a firewall filter rule.
    Assuming you have already a running OpenVPN clien and assigned an interface to the client instance and you have the default allow-any rule on the LAN in place, copy that rule by hitting the copy button on the right side, edit it and open the advanced options, go down to "Gateway" and pick the OpenVPN gateway and save it.
    Put this rule to the top of the LAN rule set. This directs any traffic over the vpn now.
    On the right side under Actions you'll find a "disable" button. Hitting it followed by Apply will disable the rule and the traffic will be directed to the default gateway again.

    0
  • S

    I tried this and nothing changed. I love the simplicity of it and it makes sense to me. I don't get why the 5+ guides I have tried don't work. I have a reasonably simple setup other than I have multiple VLANs rather than one LAN. Could that somehow be causing me all of my troubles? The only purpose to the VLANs is separation from each other. They all have gateways to the Internet.

    0
  • V

    Is the vpn client working basically? Have you ever successfully directed a packet over the vpn yet?

    0
  • S

    I think so. It says it has connected and the traffic graphs show outgoing traffic over the OpenVPN interface but nothing coming in.

    0
  • S

    I tried this again and rebooted just to be sure. In the traffic graphs I see outgoing traffic on the OpenVPN interface but no traffic coming in. This is always the problem I have when I try any of the countless guides on this. Where am I going wrong?

    0
  • V

    Probably you're missing the outbound NAT rule for the VLAN you want to direct over the VPN.

    To get better help here, you have to provide more details about your setup:

    • vpn client config
    • interface settings
    • firewall rules
    • outbound NAT rules
    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy