No internet traffic or network traffic when I "Force all client-generated IPv4 traffic through the tunnel"

  • We installed pfSense 2.4.4 on FreeBSD 11.2 (latest version and updated).

    The host has 2 NICs configured:
    1 for WAN
    2 for LAN

    We are trying to set up a Remote access OpenVPN server connecting remote clients into the LAN network environment.

    We have set up a test environment which allows us to successfully connect a client to the VPN. The data crosses over from the VPN Tunnel Network to our LAN network when I use the push route option in the Custom options under Advanced Configuration.

    However, when I attempt to prevent split-tunneling by checking the box "Redirect IPv4 Gateway" to "Force all client-generated IPv4 traffic through the tunnel" on the OpenVPN server, the tunneled client loses both my internet connection and my connection to the LAN resources.

    My default Gateway for our tunneled traffic needs to be sent to our normal gateway on the LAN. I have tried configuring the pfSense LAN port's gateway as none and as the LAN side's normal Default Gateway, but neither setting works.

    For security policy reasons, we need to have tunneled IP source address visibility into our security systems either bridged or routed onto the LAN subnet. Having a single NATted address isn't desired.

  • Are you using NAT to map OpenVPN clients to an outbound WAN address? If you're not using NAT for clients to access the LAN network, you may need a route in place on pfSense to direct traffic back to the OpenVPN clients... If you can be more specific with subnets in use and also show a copy of the routing table on pfSense that would be a good place to start...
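The reply above points at the two routes a routed (non-NAT) OpenVPN client path depends on: pfSense must route the tunnel subnet to the OpenVPN interface, and the LAN's default gateway must send replies for that subnet back to pfSense instead of out its own default route. The following is an added example, not from this thread or from pfSense, that checks both against routing tables in FreeBSD `netstat -rn` layout; the tables and addresses (10.8.0.0/24 tunnel, 192.168.1.0/24 LAN, pfSense LAN IP 192.168.1.2) are constructed assumptions.

```python
import ipaddress

# Constructed routing tables in `netstat -rn` layout (assumed addresses:
# 10.8.0.0/24 tunnel, 192.168.1.0/24 LAN, pfSense LAN IP 192.168.1.2).
PFSENSE_RT = """\
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
10.8.0.0/24        10.8.0.2           UGS      ovpns1
192.168.1.0/24     link#2             U           em1
"""
LAN_GATEWAY_RT = """\
Destination        Gateway            Flags     Netif Expire
default            198.51.100.1       UGS         re0
192.168.1.0/24     link#1             U           re1
"""

def parse_routes(text):
    """Turn netstat-style lines into (network, gateway, netif) tuples."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split()
        if len(parts) < 4:
            continue
        dest, gw, _flags, netif = parts[:4]
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest, strict=False)
        routes.append((net, gw, netif))
    return routes

def lookup(routes, host):
    """Longest-prefix match, the same choice the kernel makes for a packet."""
    addr = ipaddress.ip_address(host)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def diagnose(pfsense_text, gateway_text, tunnel_net, pfsense_lan_ip):
    """Check both halves of the path for a routed (non-NAT) OpenVPN client."""
    tunnel = ipaddress.ip_network(tunnel_net)
    client = str(tunnel.network_address + 5)        # any address inside the tunnel subnet
    on_pf = lookup(parse_routes(pfsense_text), client)
    on_gw = lookup(parse_routes(gateway_text), client)
    tunnel_route_ok = on_pf is not None and on_pf[2].startswith("ovpns")
    # LAN hosts reply via their default gateway; it must hand the tunnel
    # subnet back to pfSense, not push it out its own default route.
    return_route_ok = on_gw is not None and on_gw[1] == pfsense_lan_ip
    return {"pfsense_has_tunnel_route": tunnel_route_ok,
            "lan_gateway_returns_to_pfsense": return_route_ok,
            "needs_outbound_nat": not return_route_ok}

if __name__ == "__main__":
    print(diagnose(PFSENSE_RT, LAN_GATEWAY_RT, "10.8.0.0/24", "192.168.1.2"))
    fixed = LAN_GATEWAY_RT + "10.8.0.0/24        192.168.1.2        UGS         re1\n"
    print(diagnose(PFSENSE_RT, fixed, "10.8.0.0/24", "192.168.1.2"))
```

With the constructed tables the first run reports a missing return route (so either a static route on the LAN gateway or outbound NAT on pfSense is required); the second run, with that route added, reports the routed path as complete.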
