Netgate Discussion Forum

    OpenVPN Server Gateway Redirect

    • manjotscM
      manjotsc
      last edited by manjotsc

      I want to redirect my OpenVPN client through my WAN IP address. That's my config.

      persist-tun
      persist-key
      cipher AES-256-CBC
      ncp-ciphers AES-128-GCM
      auth SHA256
      tls-client
      client
      remote vpn.******.net 1191 udp
      auth-user-pass
      remote-cert-tls server
      redirect-gateway def1

      Vendor: HP
      Version: P01 Ver. 02.50
      Release Date: Wed Jul 17 2024
      Boot Method: UEFI
      24.11-RELEASE (amd64)
      FreeBSD 15.0-CURRENT
      CPU Type: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz
      Current: 3606 MHz, Max: 3400 MHz
      4 CPUs : 1 package(s) x 4 core(s)

      • V
        viragomann
        last edited by

        Fine, should work. Is that all you want to tell us?

        1 Reply Last reply Reply Quote 0
        • manjotscM
          manjotsc
          last edited by manjotsc

          It's not working 😔. The public IP doesn't change when I connect to the OpenVPN server with these settings.

          • V
            viragomann
            last edited by

            So you're managing the OpenVPN server yourself?
            The connection seems to be established?
            Can you access remote devices?
            Have you access to the internet on the client while the connection is up?

            • manjotscM
              manjotsc @viragomann
              last edited by

              @viragomann

              So you're managing the OpenVPN server yourself? Yes, on pfSense.
              The connection seems to be established? Yes, it does and works, but the public IP doesn't change on the client side.
              Can you access remote devices? Some yes, some no.
              Have you access to the internet on the client while the connection is up? Yes.

              • V
                viragomann @manjotsc
                last edited by

                @manjotsc said in OpenVPN Server Gateway Redirect:

                Can you access remote devices? some yes some no

                The ones you can't reach may be blocking access themselves with their OS firewalls.

                What's your server config? Possibly it overrides the client settings.
                Some clues in the client log? Probably it doesn't set the default route correctly.

                What is the client? A phone, Windows, Linux?

                • manjotscM
                  manjotsc @viragomann
                  last edited by manjotsc

                  @viragomann The config https://drive.google.com/file/d/1DYdh8ikZ2x9JFrvlfViJlUBMwmvxxKJD/preview

                  I tried on an Android device using the OpenVPN app.

                  • V
                    viragomann
                    last edited by

                    So remove the "IPv4 Local Networks" and check "redirect gateway" in the server settings.

                    Consider that you also have to add an outbound NAT rule for the OpenVPN tunnel network for internet access from VPN clients.

                    • manjotscM
                      manjotsc @viragomann
                      last edited by

                      @viragomann What would that rule be?

                      • V
                        viragomann
                        last edited by viragomann

                        When packets from private sources are sent out to the internet, the router has to translate the source addresses into its WAN address.
                        pfSense does this automatically for internal subnets, but not for OpenVPN clients.

                        To configure this, go to Firewall > NAT > Outbound
                        Assuming it is still working in automatic mode, switch to hybrid mode and save it first.
                        Then add a new rule:
                        interface: WAN
                        source: <OpenVPN tunnel network>
                        destination: any
                        translation: interface address

                        • manjotscM
                          manjotsc @viragomann
                          last edited by manjotsc

                          @viragomann Now when I'm connected I can't visit any website.

                          Annotation 2019-11-30 195145.png

                          • V
                            viragomann
                            last edited by

                            Try to reboot pfSense.

                            If that doesn't resolve, check the firewall rule on the OpenVPN tab.

                            • manjotscM
                              manjotsc @viragomann
                              last edited by

                              @viragomann Annotation 2019-11-30 195304.png

                              • V
                                viragomann @manjotsc
                                last edited by

                                Can't see which rule is for the OpenVPN tunnel, since I don't know the network.

                                You must not allow access from any to any, since you're obviously running VPN services. This way you open your network to the VPN service networks.
                                You have to restrict the access to your access server clients.

                                • manjotscM
                                  manjotsc @viragomann
                                  last edited by

                                  @viragomann Annotation 2019-11-30 202100.png UDPVPNSERVER is the interface I created for the VPN server.

                                  • V
                                    viragomann
                                    last edited by

                                    But PUREVPNCA may be a VPN service you're connecting to.

                                    • V
                                      viragomann
                                      last edited by

                                      If you disable the rule on the OpenVPN interface you have to add a rule to the UDPVPNSERVER to allow access to your DNS server. The existing rule only allows access to the WAN gateway.

                                      • manjotscM
                                        manjotsc @viragomann
                                        last edited by manjotsc

                                        @viragomann What should go in Source and Destination for DNS?

                                        Annotation 2019-11-30 203515.png

                                        • V
                                          viragomann
                                          last edited by

                                          The source should be the access server tunnel network.
                                          The destination is the DNS servers you provide to the clients. Taking a look at your server settings, these are 192.168.40.4 and 192.168.40.1.

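An added example, not part of the thread or of pfSense: a simplified Python model of the checks viragomann describes in the outbound NAT and DNS-rule posts above (NAT on WAN for the tunnel network, a pass rule from the tunnel network to the DNS servers handed to clients, and no any-to-any rule). The rule classes, the 10.0.8.0/24 tunnel network, the 203.0.113.1 gateway and the LAN subnet are constructed placeholders; only the two DNS addresses come from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass
class NatRule:            # simplified outbound NAT rule (hypothetical model)
    interface: str
    source: str           # CIDR of the translated source network

@dataclass
class PassRule:           # simplified pass rule applied to VPN client traffic
    source: str           # CIDR, single address or "any"
    destination: str      # CIDR, single address or "any"

def _covers(spec, net):
    """True if a rule's address spec includes every address in net."""
    return spec == "any" or net.subnet_of(ip_network(spec, strict=False))

def audit(tunnel, dns_servers, nat_rules, pass_rules):
    """Return findings for an OpenVPN server that redirects the client gateway."""
    tun = ip_network(tunnel)
    findings = []
    # Without source translation, replies to tunnel addresses never come back.
    if not any(r.interface == "WAN" and _covers(r.source, tun) for r in nat_rules):
        findings.append(f"no outbound NAT on WAN for {tun}")
    # Clients must reach the DNS servers the server pushes to them.
    for dns in dns_servers:
        host = ip_network(dns)
        if not any(_covers(r.source, tun) and _covers(r.destination, host)
                   for r in pass_rules):
            findings.append(f"DNS server {dns} not reachable from {tun}")
    # An any-to-any rule also admits traffic from other VPN instances.
    if any(r.source == "any" and r.destination == "any" for r in pass_rules):
        findings.append("pass rule allows any to any")
    return findings

TUNNEL = "10.0.8.0/24"                      # constructed placeholder
DNS = ["192.168.40.4", "192.168.40.1"]      # addresses named in the thread
BEFORE = audit(TUNNEL, DNS,
               [NatRule("WAN", "192.168.40.0/24")],    # LAN only (constructed)
               [PassRule(TUNNEL, "203.0.113.1")])      # WAN gateway only
AFTER = audit(TUNNEL, DNS,
              [NatRule("WAN", "192.168.40.0/24"), NatRule("WAN", TUNNEL)],
              [PassRule(TUNNEL, d) for d in DNS])

if __name__ == "__main__":
    print("before:", BEFORE)
    print("after: ", AFTER)
```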
                                          • manjotscM
                                            manjotsc @viragomann
                                            last edited by

                                            @viragomann Still not working. DNS_Server is an alias for the DNS IP address.

                                            Annotation 2019-11-30 204921.png

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.