Netgate Discussion Forum

    No internet traffic or network traffic when I "Force all client-generated IPv4 traffic through the tunnel"

    • FalconPA

      We installed pfSense 2.4.4 on FreeBSD 11.2 (latest version and updated).

      The host has 2 NICs configured:
      1 for WAN
      2 for LAN

      We are trying to set up a Remote access OpenVPN server connecting remote clients into the LAN network environment.

      We have set up a test environment which allows us to successfully connect a client to the VPN. The data crosses over from the VPN Tunnel Network to our LAN network when I use the push route option in the Custom options under Advanced Configuration.

      However, when I attempt to prevent split-tunneling by checking the box "Redirect IPv4 Gateway" to "Force all client-generated IPv4 traffic through the tunnel" on the OpenVPN server, the tunneled client loses both my internet connection and my connection to the LAN resources.

      My default Gateway for our tunneled traffic needs to be sent to our normal gateway on the LAN. I have tried configuring the pfSense LAN port's gateway as none and as the LAN side's normal Default Gateway but neither setting works.

      For security policy reasons, we need to have tunneled IP source address visibility into our security systems either bridged or routed onto the LAN subnet. Having a single NATted address isn't desired.

      • jwsi

        Are you using NAT to map OpenVPN clients to an outbound WAN address? If you're not using NAT for clients to access the LAN network, you may need a route in place on pfSense to direct traffic back to the OpenVPN clients... If you can be more specific with subnets in use and also show a copy of the routing table on pfSense that would be a good place to start...

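The return-path question raised in the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup showing where a LAN host's reply to an un-NATed tunnel address is sent, with and without a static route for the tunnel network. All addresses, and the choice to place the static route on the LAN's normal default gateway, are assumptions, since the thread gives no subnets or routing table.

```python
import ipaddress

# Constructed addressing (assumptions, not values from the thread).
PFSENSE_LAN = "192.168.10.2"   # pfSense LAN interface
LAN_GATEWAY = "192.168.10.1"   # the LAN's normal default gateway
UPSTREAM = "203.0.113.1"       # next hop of the LAN gateway toward the internet
VPN_CLIENT = "10.8.0.6"        # client address inside tunnel network 10.8.0.0/24

# Routing table of an ordinary LAN host: on-link subnet plus a default route.
HOST_TABLE = [("192.168.10.0/24", "link"), ("0.0.0.0/0", LAN_GATEWAY)]
# LAN gateway without and with a static route for the tunnel network.
GATEWAY_BEFORE = [("192.168.10.0/24", "link"), ("0.0.0.0/0", UPSTREAM)]
GATEWAY_AFTER = GATEWAY_BEFORE + [("10.8.0.0/24", PFSENSE_LAN)]


def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None if no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def return_path(client_ip, host_table, gateway_table):
    """Next hops taken by a LAN host's reply to an un-NATed VPN client address."""
    hops = [lookup(host_table, client_ip)]
    if hops[0] == LAN_GATEWAY:
        # The host has no specific route, so the LAN gateway decides next.
        hops.append(lookup(gateway_table, client_ip))
    return hops


def reaches_pfsense(hops):
    """True when the reply ends up at pfSense, which owns the tunnel."""
    return hops[-1] == PFSENSE_LAN


if __name__ == "__main__":
    for name, table in (("before", GATEWAY_BEFORE), ("after", GATEWAY_AFTER)):
        hops = return_path(VPN_CLIENT, HOST_TABLE, table)
        print(name, " -> ".join(hops), "ok" if reaches_pfsense(hops) else "reply lost")
```

Comparing the output of this kind of lookup with the real routing tables (the ones the reply asks for) shows whether replies to tunnel addresses ever get back to pfSense.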