force entire LAN traffic through OpenVPN client
-
I could successfully achieve a remote connection to my data server: OpenVPN client > WAN > PfSense OpenVPN Server > LAN > Data Server.
Now I would like to set up a second OpenVPN server to route the whole local network traffic of one machine through a tunnel: OpenVPN Client > LAN > second PfSense OpenVPN Server > Data Server. I basically applied the same rules to the second OpenVPN server but changed it to LAN based instead WAN based. So far the client successfully connects to the desired OpenVPN server in a tunneled network but will not be forwarded to the LAN network, hence can't communicate with the data server.
I've been messing around for some time with the OpenVPN server setting, NAT configuration and firewall rules. Either this configuration is not possible yet because I've been missing something in my PfSense settings or due to my current metrics in Windows 10. I changed the TAP Adapter (OpenVPN client) metrics in Windows 10 to 2, the Ethernet Adapter is still 16. When I cmd "route print" the metrics are still the same. Why is that? See metrics explanation source: https://pandapow.io/how-to/win10-set-network-adapter-metric/
Any hint or example would safe the day.
-
@baumkuchen said in force entire LAN traffic through OpenVPN client:
I changed the TAP Adapter (OpenVPN client) metrics in Windows 10 to 2, the Ethernet Adapter is still 16. When I cmd "route print" the metrics are still the same. Why is that?
If you're using TAP, you're bridging at layer 2, not routing at layer 3, so no route. It would be the same as an Ethernet switch getting a route.
-
One other thing, think about how a switch works. It does not force all the traffic through any port. It forwards it according to the destination MAC address. If the destination is not at the other end of the TAP VPN, it will not send a packet that way.
-
Thank you for your guidance.
For layer 2, do I first need to specify the destination for LAN Ethernet adapter to the TAP adapter in Windows 10? You said routing is not an option, so what about bridging?
https://openvpn.net/community-resources/ethernet-bridging/How I am supposed to send all traffic through the tunnel?
-
With TAP you have the equivalent of an Ethernet switch or bridge. There's nothing to configure.
I have never set up a TAP adapter on anything, so I can't help with that.
