Netgate Discussion Forum

    When OpenVPN is up WAN Outbound stops

      CaretakersCurse

      My network has a few subnets broken onto different interfaces via VLANs. I am looking to make one of these subnets go outbound exclusively via the OpenVPN connection and have no access to the WAN. Conversely the rest of the subnets should only use the WAN for Outbound and have no access to the OpenVPN connection.

      The issue is that something I've done has caused my WAN-bound networks to get cut off from the WAN when the OpenVPN interface comes up. If any connections are open (like an active ping) it will stay up, but can't be made again once closed.

      That said when this happens, the OpenVPN subnet works as expected when the OpenVPN service is online. It can get out and with the expected public IP when it does.

      Been working on this all day and I feel like I'm right at the edge of getting this working. If anyone can let me know what I might have done wrong please let me know.

      Attached is my current Outbound NAT rule list... I know it's a mess sorry I've been trying anything I can at this point.

      PIAVPN: OpenVPN Interface
      PIALAN: OpenVPN Subnet
      SERVERS, PERSONAL: WAN-bound networks

      0_1546833384831_natout.png
      Thanks all for the help in advance.

        Derelict LAYER 8 Netgate

        You probably want to check the Don't Pull Routes checkbox in the VPN client and policy route traffic from 10.0.12.0/24 to the VPN.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
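
The effect of the advice above, modeled as an added example (not code from either poster or from pfSense): pulled routes steer every subnet into the tunnel, while "Don't Pull Routes" plus a policy route steers only 10.0.12.0/24. It assumes the provider pushes `redirect-gateway def1`; the SERVERS subnet 10.0.10.0/24, the destination address and the simplified outbound NAT rule set are constructed, not taken from the thread.

```python
import ipaddress

# Only 10.0.12.0/24 (PIALAN) appears in the thread; the rest is constructed.
PIALAN = ipaddress.ip_network("10.0.12.0/24")
SERVERS = ipaddress.ip_network("10.0.10.0/24")  # assumed WAN-bound subnet

BASE_ROUTES = [("0.0.0.0/0", "WAN")]
# Assumption: the provider pushes "redirect-gateway def1", which installs
# two /1 routes that beat the /0 default on longest-prefix match.
PULLED_ROUTES = [("0.0.0.0/1", "PIAVPN"), ("128.0.0.0/1", "PIAVPN")]
# Policy route: a firewall rule on the PIALAN interface with a gateway set.
POLICY = [(PIALAN, "PIAVPN")]
# Simplified outbound NAT rules as (egress interface, source network).
NAT_RULES = [("WAN", SERVERS), ("PIAVPN", PIALAN)]


def egress(src, dst, routes, policy=()):
    """Policy route by source wins; otherwise longest-prefix match on dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for net, gateway in policy:
        if src in net:
            return gateway
    matches = [(ipaddress.ip_network(p), iface) for p, iface in routes
               if dst in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def natted(src, iface):
    """True if an outbound NAT rule covers this source on this interface."""
    src = ipaddress.ip_address(src)
    return any(i == iface and src in net for i, net in NAT_RULES)


def trace(src, routes, policy=(), dst="198.51.100.7"):
    """Return (egress interface, whether outbound NAT applies there)."""
    iface = egress(src, dst, routes, policy)
    return iface, natted(src, iface)


if __name__ == "__main__":
    scenarios = {
        "VPN up, routes pulled": (BASE_ROUTES + PULLED_ROUTES, ()),
        "Don't Pull Routes + policy route": (BASE_ROUTES, POLICY),
    }
    for name, (routes, policy) in scenarios.items():
        for label, src in (("SERVERS", "10.0.10.5"), ("PIALAN", "10.0.12.5")):
            print(f"{name}: {label} -> {trace(src, routes, policy)}")
```

With routes pulled, the SERVERS host leaves via PIAVPN where no NAT rule covers it; with the policy route it returns to WAN while PIALAN stays on the tunnel.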

          CaretakersCurse @Derelict

          @derelict Oh man... I knew it was something simple. I had done this once before and completely forgot about that "Don't Pull Routes" option. Thank you so much!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.