Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    default route no longer working

    Routing and Multi WAN
    2
    3
    462
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SpaceBass
      last edited by SpaceBass

      Hey folks - I've been working on a project and the result is that I've learned a lot...and also seem to have broken something.

      original goals

      1. create a SSL OpenVPN connection for an 'on demand' iOS profile
        2.A. get a client OpenVPN to TorGuard working to route some traffic out through VPN
        2.B. route traffic from those on-demand clients out through TorGuard and deny them access to any internal network

      So here's what I did

      1. got the on-demand server and client working, connects fine
      2. learned a lot about aliases and rules and got it working to allow outbound to WAN but block to all internal network (with a few pin holes)
      3. finally got TorGuard working... something I've been tinkering with for months.
      4. turned on hybrid NAT

      here's what happened
      Now, traffic cannot route out of my LAN, other internal networks, or 'more trusted' OpenVPN connections without me specifying a gateway in the advanced settings in firewall rules. The default option doesn't work.

      The result is that, for instance, my trusted Road Warrior OpenVPN request a gateway to route traffic out. But when I set that gateway, I cannot reach my LAN.

      My question is...
      My perception is that adding the three (really the first) TorGuard VPN client broke something in my routes. I tried deleting them all and re-creating the clients and the interfaces in case something was just twisted in the config. No dice.

      Is correct to assume that I should be able to use the default rout settings in most rules and the system will route things appropriately over the selected default (wan) route...then only where I explicitly want to route over TorGuard I can set those settings in a specific rule.

      Here's my gateways:

      alt text

      here's my outbound NAT
      alt text

      here are my LAN rules
      alt text

      and my OpenVPN rules (for trusted VPNs)
      alt text

      1 Reply Last reply Reply Quote 0
      • S
        SpaceBass
        last edited by SpaceBass

        FWIW I have “don’t pull routes” set for the TorGard OVPN client connections

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          If you are not pulling routes then you have to policy route to the VPNs. I don't see anything there that does that.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.