Netgate Discussion Forum
    Route some IPs/traffic through pfSense gateway

    OpenVPN
    6 Posts 3 Posters 673 Views
      stevetoza

      Hi All,

      Looking for some help. We have staff that connect to our OpenVPN to access internal resources. This is a split tunnel; the gateway is not redirected.
      Some staff need access to external servers via remote desktop, which is locked down to our IP address/gateway on our pfSense router.

      How can I create a list of IPs staff can access via OpenVPN that's redirected through the pfSense gateway, while keeping the gateway not redirected for all other traffic?

      Many thanks

      Steve

        viragomann

        Read your post twice. As I understand it now, that concerns only road-warrior clients.

        So to route the client traffic to the concerned external servers over the VPN, add all these servers to "Local Network/s" in your access server settings, in CIDR notation, e.g. 1.1.1.1/32.

        Add an outbound NAT rule for your clients (Firewall > NAT > Outbound). If it is in automatic mode, switch to hybrid first.
        Then add a rule:
        interface: WAN
        source: <the access server tunnel network>
        dest: any
        translation: interface address

        If you have restricted the VPN client access, ensure you add a firewall rule to allow the access.

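An added example, not part of the original post or of pfSense itself: it turns a "Local Network/s" list into the OpenVPN `push "route ..."` lines a server hands to clients, rejects entries that would turn the split tunnel into a full tunnel, and shows which destinations a client would send into the VPN. It assumes the Local Network field maps to pushed routes; the function names and the sample addresses other than 1.1.1.1/32 are constructed.

```python
import ipaddress


def push_routes(local_networks):
    """Build OpenVPN push "route" lines from 'Local Network/s' CIDR entries."""
    lines = []
    for cidr in local_networks:
        # strict=True rejects entries with host bits set, e.g. 1.1.1.1/24
        net = ipaddress.ip_network(cidr.strip(), strict=True)
        if net.version != 4:
            raise ValueError(f"{cidr}: this example handles IPv4 only")
        # /0 (or the two /1 halves) would redirect all client traffic,
        # which defeats the split tunnel the thread wants to keep.
        if net.prefixlen <= 1:
            raise ValueError(f"{cidr}: too broad, would redirect the gateway")
        lines.append(f'push "route {net.network_address} {net.netmask}"')
    return lines


def egress(dest, local_networks):
    """Return 'vpn' if a client sends dest into the tunnel, else 'local'."""
    addr = ipaddress.ip_address(dest)
    nets = [ipaddress.ip_network(c.strip()) for c in local_networks]
    return "vpn" if any(addr in n for n in nets) else "local"


if __name__ == "__main__":
    # Constructed sample: an internal LAN plus two external RDP servers.
    local_networks = ["192.168.10.0/24", "1.1.1.1/32", "203.0.113.20/32"]
    for line in push_routes(local_networks):
        print(line)
    for dest in ("1.1.1.1", "203.0.113.20", "198.51.100.7"):
        print(dest, "->", egress(dest, local_networks))
```

Traffic marked `vpn` reaches pfSense with a tunnel-network source address, which is why the outbound NAT rule on WAN is needed before the external servers see it as coming from the office IP.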
          Asamat Global Moderator

          I'm afraid you can't do it with one OpenVPN tunnel. You can create a second OpenVPN tunnel or use IPsec RA with the Pre-Shared Keys option, which allows you to assign different IP subnets to different clients and then apply different firewall rules for each of them:

          • https://www.netgate.com/docs/pfsense/vpn/ipsec/configuring-an-ipsec-remote-access-mobile-vpn-using-ikev2-with-eap-mschapv2.html#set-up-mobile-ipsec-for-ikev2-eap-mschapv2
            stevetoza @viragomann

            @viragomann Do you have a working setup where you could post some screenshots of the config? Thanks

              viragomann @stevetoza

              @stevetoza
              Read your post twice and edited my answer above.

                stevetoza @viragomann

                @viragomann Thanks very much, that works perfectly :)
