[Solved] Help routing all traffic through PFSense OpenVPN

  • My apologies in advance - few things make me feel as stupid as networking. Hardware/software? No sweat. Networking? Black magic. I've spent about ten hours on this between Google, Reddit, these forums, and trying configs. I'm sure I'm missing a simple setting somewhere but I just can't seem to find it.

    I've configured OpenVPN on PFSense and am able to connect through my phone using the OpenVPN app. I can reach internet network resources just fine. I realized today that my IP is still showing as my cell carrier, Starbucks wifi, or whatever. I'd like to route all traffic through the VPN connection. From what I've seen,

    push "redirect-gateway def1"

    in the PFSense OpenVPN config is where you start, forcing all traffic through the VPN. Now, there's no internet. Back to Google and it looks like I need outbound NAT rules to be able to access the web. I set these up based on existing WAN rules:
    NAT screenshot

    My local subnet is and I set OpenVPN to There's a WAN rule to forward * source/port to the OpenVPN port. Still no internet access and I couldn't access local resources (EG: router) for about 10 min, at which point it became available again. Any tips on where to look to find my mistake? Thanks in advance.

  • Check these:

    • force all client-generated IPv4 traffic through the tunnel in OpenVPN server configuration
    • add needed rules to Firewall / Rules / OpenVPN
    • it should work fine with Automatic outbound NAT

  • @viktor_g thanks, I’ve checked the “route all traffic” box in addition to the push command. I hadn’t seen that mentioned in the articles I read, so I assumed it was redundant. No luck yet. I think your #2 step may be where I’m missing something. Any suggestions on what firewall rules are needed beyond the one I have?

  • @Crlaozwyn put something like Screenshot from 2019-08-15 17-03-30.png

    • where is your IPv4 Tunnel Network from OpenVPN server configuration
      and any extra restrictions on top of rules, if you need it
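The three pieces the two replies above describe (redirect-gateway push, a pass rule on the OpenVPN interface scoped to the tunnel network, and outbound NAT), written out as an added illustration of the OpenVPN server directive and the equivalent pf rules pfSense builds from its GUI. This is not from the thread or from pfSense's generated output; the tunnel network 10.8.0.0/24, WAN interface em0, listener port 1194 and resolver 10.0.0.1 are assumed values.

```conf
# --- OpenVPN server (VPN > OpenVPN > Servers) ---
# Ticking "Force all client-generated IPv4 traffic through the tunnel"
# emits this directive; repeating it under Custom options is redundant.
push "redirect-gateway def1"
# Optional: give clients an internal resolver so DNS stays in the tunnel too.
# 10.0.0.1 is an assumed LAN resolver address.
push "dhcp-option DNS 10.0.0.1"

# --- pf rules (illustrative of what the GUI generates, not verbatim) ---
# Assumptions: tunnel network 10.8.0.0/24, WAN interface em0, UDP port 1194.
# pf.conf requires translation (nat) rules before filter (pass) rules.

# Outbound NAT: Automatic mode adds this for the tunnel network by itself;
# in Manual/Hybrid mode it has to be added under Firewall / NAT / Outbound.
nat on em0 inet from 10.8.0.0/24 to any -> (em0)

# WAN: let remote clients reach the OpenVPN listener
# (this is the rule the poster already had).
pass in quick on em0 inet proto udp from any to (em0) port 1194 keep state

# Firewall / Rules / OpenVPN: traffic arriving FROM clients inside the tunnel.
# Without a rule here, redirect-gateway pushes every packet into the tunnel
# and pf drops it at the OpenVPN interface, which looks like "no internet".
# Source "any" (the "* to *" rule in the thread) also works; scoping it to the
# tunnel network is the tighter version viktor_g suggested.
pass in quick on openvpn inet from 10.8.0.0/24 to any keep state
```

Because pfSense tracks state, an existing client session keeps its old path until it reconnects, which is one way a rule change can appear to "do nothing" for several minutes.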

  • Ah yes, I had it going from * to *. I tried switching the source to my Tunnel Network address but it didn't make a difference.

  • Got it! Thanks so much for your help.

    I've changed a dozen settings in the last couple of days so it's hard for me to say exactly what did it. The last thing I did before it started working was actually to uncheck the box that says "Force all client-generated IPv4 traffic through the tunnel." And now when I go back in, it shows checked again... hmmm.

    In any case, it's working now and I hopefully won't ever have to do any troubleshooting ;) Thank you again for taking the time to help me.
