    Can I use gateway groups to add an OpenVPN Client?

      scottlindner

      I'm a home user looking for an easy button with a VPN client. In certain scenarios I would like to route all of my traffic through a VPN client. I have tried multiple OpenVPN Client guides and I can't get any of them to work. So I started thinking about dropping the interface in a Gateway Group in a multi-WAN configuration and enabling/disabling the interface or OpenVPN Client as needed. Will this work how I think it could work? Is there a gotcha I might want to avoid?

        viragomann

        Just add an additional LAN rule to direct the traffic to the VPN gateway at the top of the rule set.
        FW rules can be enabled or disabled with two clicks.

          scottlindner

          Are you talking about a NAT rule? Can you explain a bit more so I can give it a try? I like the "two clicks" simplicity because that's exactly what I'm looking for. When I have tried adding NAT rules per the guides it appears inbound traffic isn't making it to my OpenVPN Client interface.

            viragomann

            No, a firewall filter rule.
            Assuming you already have a running OpenVPN client, have assigned an interface to the client instance, and have the default allow-any rule on the LAN in place, copy that rule by hitting the copy button on the right side, edit it and open the advanced options, go down to "Gateway", pick the OpenVPN gateway, and save it.
            Put this rule at the top of the LAN rule set. This directs any traffic over the VPN now.
            On the right side under Actions you'll find a "disable" button. Hitting it followed by Apply will disable the rule, and the traffic will be directed to the default gateway again.

              scottlindner

              I tried this and nothing changed. I love the simplicity of it and it makes sense to me. I don't get why the 5+ guides I have tried don't work. I have a reasonably simple setup other than I have multiple VLANs rather than one LAN. Could that somehow be causing me all of my troubles? The only purpose to the VLANs is separation from each other. They all have gateways to the Internet.

                viragomann

                Is the VPN client basically working? Have you ever successfully directed a packet over the VPN yet?

                  scottlindner

                  I think so. It says it has connected and the traffic graphs show outgoing traffic over the OpenVPN interface but nothing coming in.

                    scottlindner

                    I tried this again and rebooted just to be sure. In the traffic graphs I see outgoing traffic on the OpenVPN interface but no traffic coming in. This is always the problem I have when I try any of the countless guides on this. Where am I going wrong?

                      viragomann

                      Probably you're missing the outbound NAT rule for the VLAN you want to direct over the VPN.

                      To get better help here, you have to provide more details about your setup:

                      • VPN client config
                      • interface settings
                      • firewall rules
                      • outbound NAT rules