How do I force all internet through the VPN tunnel?



  • Hello, I have a peer to peer VPN set up in my SG-1100 (Netgate) firewall. I am trying to get it so that all of my network traffic (0.0.0.0/0) goes through the VPN tunnel when connected.

    I have tried so many different things, but nothing seems to work.



  • You might want to paste some route info. (Diagnostics | Routes). Sounds like you have to change your default route somehow to go through the Openvpn tunnel instead of the WAN. What have you tried so far?



  • On your end, you have to assign the tunnel to an interface, which creates a gateway. Then policy route your traffic over the tunnel via firewall rules that leverage the gateway that was created in the first step.

    On the remote end, there needs to be a NAT entry for your LAN subnet.





  • @marvosa said in How do I force all internet through the VPN tunnel?:

    On your end, you have to assign the tunnel to an interface, which creates a gateway. Then policy route your traffic over the tunnel via firewall rules that leverage the gateway that was created in the first step.

    On the remote end, there needs to be a NAT entry for your LAN subnet.

    Thanks, what side is my side, and what side is the remote side?
    Also, how do I do a Policy route?



  • Well, the topic is "How do I force all internet through the VPN tunnel?", so my assumption is you want internet traffic on your LAN forced thru a VPN tunnel, correct? If so, your end is the local end and the network behind the VPN is the remote (or far) end.

    how do I do a Policy route?

    1. Assign the VPN to an interface.
    2. On the LAN tab, create a firewall rule (above your LAN net/any rule) that has:
      a. Protocol = any
      b. Source = specify your LAN subnet or choose "
      c. Destination = any
      d. Gateway = The gateway IP created from assigning the VPN to an interface (This is done by expanding the "Advanced Options" section)
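As an added illustration (not code from the thread or from Netgate), the following Python model shows why step 2 matters: pfSense evaluates LAN rules top-down and the first match wins, so a policy-routing rule placed below the default "LAN net to any" rule never takes effect. It also renders each rule in the approximate pf syntax pfSense generates, where the "Gateway" option becomes a `route-to`. The subnet, interface names, gateway name and addresses are constructed placeholders.

```python
"""First-match LAN rule evaluation with a policy-routing gateway (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed placeholders, not values from the thread.
LAN_NET = "192.168.1.0/24"
VPN_GW = "OPENVPN_VPNV4"      # hypothetical gateway name created by assigning the tunnel


@dataclass
class Rule:
    action: str                      # "pass" or "block"
    proto: str                       # "any", "tcp", "udp", ...
    src: str                         # CIDR or "any"
    dst: str                         # CIDR or "any"
    gateway: Optional[str] = None    # None = system routing table, else policy route
    description: str = ""


def _matches(selector: str, addr: str) -> bool:
    """An address matches "any" or any CIDR that contains it."""
    return selector == "any" or ip_address(addr) in ip_network(selector, strict=False)


def evaluate(rules: List[Rule], proto: str, src: str, dst: str) -> Optional[Rule]:
    """pfSense LAN rules are 'quick': the first rule that matches decides."""
    for rule in rules:
        if rule.proto not in ("any", proto):
            continue
        if _matches(rule.src, src) and _matches(rule.dst, dst):
            return rule
    return None


def chosen_gateway(rules: List[Rule], proto: str, src: str, dst: str) -> str:
    """Report where a flow would be sent; no match means the implicit default deny."""
    rule = evaluate(rules, proto, src, dst)
    if rule is None or rule.action != "pass":
        return "blocked"
    return rule.gateway or "default (WAN)"


def to_pf(rule: Rule, lan_if: str = "lan0", vpn_if: str = "ovpnc1",
          vpn_gw_ip: str = "10.8.0.1") -> str:
    """Approximate pf text for a rule; the Gateway option becomes route-to."""
    route = f" route-to ({vpn_if} {vpn_gw_ip})" if rule.gateway else ""
    proto = "" if rule.proto == "any" else f" proto {rule.proto}"
    return (f"{rule.action} in quick on {lan_if}{route} inet{proto} "
            f"from {rule.src} to {rule.dst}")


DEFAULT_RULE = Rule("pass", "any", LAN_NET, "any", None, "Default allow LAN to any")
VPN_RULE = Rule("pass", "any", LAN_NET, "any", VPN_GW, "Policy route LAN over VPN")

WRONG_ORDER = [DEFAULT_RULE, VPN_RULE]   # VPN rule below the default rule: shadowed
RIGHT_ORDER = [VPN_RULE, DEFAULT_RULE]   # VPN rule above, as the thread advises

if __name__ == "__main__":
    for label, ruleset in (("wrong order", WRONG_ORDER), ("right order", RIGHT_ORDER)):
        print(label, "->", chosen_gateway(ruleset, "tcp", "192.168.1.50", "203.0.113.10"))
    for r in RIGHT_ORDER:
        print(to_pf(r))
```

Running it prints `wrong order -> default (WAN)` and `right order -> OPENVPN_VPNV4`, which is the difference between traffic leaking out the WAN and traffic entering the tunnel. A source outside the LAN subnet matches neither rule and falls through to the implicit deny, which is also what you want.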
