Dual routing from OpenVPN server to Client Internet



  • I have successfully set up an OpenVPN between two pfSense 2.4 systems. One is the OpenVPN Server, and the other is the OpenVPN client.

    OpenVPN Server can access the OpenVPN Client LAN no problem.

    OpenVPN Client can access the OpenVPN Server LAN no problem.

    OpenVPN Server cannot access the OpenVPN Client's internet connection.

    OpenVPN Client can access the OpenVPN Server's internet connection no problem (with the right NAT and firewall rules).

    Is it even possible for the OpenVPN Server to be able to access the OpenVPN Client's internet connection? No matter what rules I try to put in place, I can't get it to work. Before getting into details of potential rules to make it work, I just want to ask whether what I am trying to do is even possible.


  • Rebel Alliance

    Why would you even use the Internet Connection from the far side? I don't get your point...

    -Rico



  • avoid geoblocking



  • Can't say I've ever tried it that way... it's usually the other way around due to the server typically having the faster connection, but the short answer is yes. You should be able to policy route specific server-side traffic over the tunnel and then NAT it out the client-side WAN.


  • Netgate

    You will need to policy route the traffic out the OpenVPN to the client side most likely.

    I can't imagine a very satisfactory experience if both sides have redirect-gateway enabled to the other.