Netgate Discussion Forum
    Dedicated VLAN+VAP for Openvpn client - no net for main network

      bthoven

      My goal is to have a dedicated Virtual AP (named vpn bbc, in my case) for my OpenVPN client connection to the vpnunlimited UK server.

      As shown in the attached diagram, my pfSense connects to my dd-wrt AP with the main network subnet 192.168.2.x. There are a number of VLANs and VAPs for my IoT and guest devices. My main network can access the IoT and guest devices, but not the other way around. These are all working fine. DHCP/DNS/firewall rules for all of them are managed by pfSense.

      I've created another VLAN (6) and VAP to support the VPN clients (I want to watch BBC iPlayer programs). The VLAN/VAP itself, without the OpenVPN client, is working fine as usual. But when I create the OpenVPN client by following the guide from vpnunlimited here:
      https://www.vpnunlimitedapp.com/en/info/manuals/pfsense-configuration-guide
      I have the following situation when I connect my pfSense to the OpenVPN client:

      1. The OpenVPN client connects successfully.
      2. When I connect to my VAP which is dedicated to the VPN (vpn_bcc), I have an internet connection, and whatismyip reports my location as a UK site. I can play BBC iPlayer video without problems.
      3. But when I switch my connection to my main network (192.168.2.x, 192.168.4.x, 192.168.5.x), there is no internet.

      So in summary, whenever pfSense connects to the OpenVPN client, there is no internet connection on any network except the VAP (vpn bbc) which I intend it for. Any suggestions on what I have done wrong or not done enough?

      If you would like to see more of my setup on pfSense, please let me know.
      FYI, I also have an OpenVPN server running (to allow secure connections to my local network from outside). I don't think it is relevant, though.

      Thanks.

      [image: network diagram]

      Here is my setup on pfSense:
      Interface: [image]

      No rule for the OpenVPN client: [image]

      Rules for VLAN6, which is dedicated to vpn_bbc: [image]

      Alias: [image]

      Outbound NAT part 1: [image]
      Outbound NAT part 2: [image]

      VPN client setting: [image]

      Interface assignment: [image]

        bthoven

        Additional LAN rule: [image]

          bthoven

          Update:
          Thanks to this guide: https://blog.monstermuffin.org/tunneling-specific-traffic-over-a-vpn-with-pfsense/
          I need to do two more things on the vpn client settings:

          • check the "Don't add/remove routes"
          • add "route-nopull" in the Custom options

          Now it works as it should, i.e., my virtual AP VPN_BBC has 7/24 VPN whilst my other subnets have normal internet traffic.
          [image]
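
An added example, not part of the original posts: a small Python check that reads an OpenVPN client config and a `PUSH_REPLY` log line and reports whether the tunnel would take over the default route for every subnet. It assumes the provider pushes `redirect-gateway` (the thread does not show the client log) and that pfSense's "Don't add/remove routes" checkbox corresponds to the `route-noexec` directive; the sample config and log line are constructed.

```python
import re

# Pushed options the client drops under route-nopull (subset; see openvpn(8)).
NOPULL_DROPS = {"route", "route-ipv6", "redirect-gateway", "dhcp-option"}
# Destination/netmask pairs that amount to a default route (plain or def1 style).
DEFAULT_NETS = {("0.0.0.0", "0.0.0.0"), ("0.0.0.0", "128.0.0.0"),
                ("128.0.0.0", "128.0.0.0")}

def parse_push_reply(log_line):
    """Split an OpenVPN PUSH_REPLY log line into (option, args) tuples."""
    m = re.search(r"PUSH_REPLY,([^']*)", log_line)
    items = m.group(1).split(",") if m else []
    return [(p[0], p[1:]) for p in (i.split() for i in items) if p]

def client_directives(config_text):
    """Directive names in a client config; '#' and ';' start comments."""
    names = set()
    for line in config_text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            names.add(line.split()[0])
    return names

def takes_default_route(option, args):
    """True if a pushed option would replace or override the default route."""
    if option == "redirect-gateway":
        return True
    return option == "route" and tuple(args[:2]) in DEFAULT_NETS

def assess(config_text, push_log_line):
    """Report whether the tunnel would capture every subnet's internet traffic."""
    directives = client_directives(config_text)
    pushed = parse_push_reply(push_log_line)
    nopull = "route-nopull" in directives   # ignore pushed routes
    noexec = "route-noexec" in directives   # assumed: "Don't add/remove routes"
    wants_default = any(takes_default_route(o, a) for o, a in pushed)
    return {
        "server_pushes_default_route": wants_default,
        "dropped_by_route_nopull": [o for o, _ in pushed
                                    if nopull and o in NOPULL_DROPS],
        "all_traffic_via_vpn": wants_default and not (nopull or noexec),
    }

# Constructed sample input (not taken from the poster's firewall or provider).
PUSH_LINE = ("PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,"
             "dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,"
             "ifconfig 10.8.0.6 10.8.0.5'")
BEFORE = "client\ndev tun\nproto udp\n"
AFTER = BEFORE + "route-nopull  # Custom options entry from the post\n"
```

With routes no longer installed by the client, only traffic that a firewall rule policy-routes to the VPN gateway enters the tunnel, which is why a VLAN that must never fall back to the WAN also needs a rule that does not match when the VPN gateway is down.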