• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

I need help writing NAT / rules to route select IP traffic through openvpn client

NAT
vpn client
3
4
1.2k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    moussa854
    last edited by moussa854 Jan 2, 2020, 5:41 PM Dec 30, 2019, 3:22 AM

    I have two openvpn clients installed on pfsense "all-client" and "VOIP_client". The first one (all-client) will route all traffic to an OpenVPN server. Working great. I would like to use the second (VOIP_client) to route the traffic from VOIP phones to OpenVPN server on FreePBX. I made IP Aliases for all VOIP phones (VOIP_phones). I installed VOIP_client and it is up and running and connected to OpenVPN server on FreePBX. I made an interface for VOIP_client and called it "FreePBXVPNInterface" I do not know how to write the rules / NAT to route the VOIP_phones traffic through VOIP_client. Here is screenshot of my NAT and rule. There are no other rules / NAT on the other interfaces.

    I appreciate some help.

    login-to-view
    login-to-view
    login-to-view

    1 Reply Last reply Reply Quote 0
    • V
      viragomann
      last edited by Dec 30, 2019, 10:25 AM

      You have to add a Policy Routing rule to direct the VOIP traffic over the VPN. Guessing your VOIP phones are in the LAN, add a firewall rule to top of the LAN interface rule set similar to your third rule with GCPVPNINTERFACE_VPNV4:
      source = VOIP alias
      dest. = any
      Gateway = FreePBXVPNInterface GW

      Also you need an outbound NAT rule. You may copy your last rule of the outbound NAT rule set, change the interface to FreePBXVPNInterface and the translation address to "interface address".

      1 Reply Last reply Reply Quote 1
      • M
        moussa854
        last edited by moussa854 Jan 2, 2020, 11:26 PM Dec 31, 2019, 2:47 PM

        Thank you, @viragomann.

        Edit:
        I think I spoke early. I am having issue with connection / sound. I created a rule on LAN:
        Protocol IPv4 *
        Source VOIP_PHONES
        Port *
        Destination *
        Port *
        Gateway FREEPBXVPNINTERFACE_VPN4

        I also replicated all the outbound NAT for the FREEPBXVPNINTERFACE. When I checked the States I am getting CLOSED:SYN_SENT and SYN_SENT:CLOSED

        If I change the Gateway to GCPVPNINTERFACE_VPN4 I got ESTABLISHED:ESTABLISHED. I compared Both Gateway and they look the same.

        If I ping the FreePBX server as FREEPBXVPNINTERFACE I got 100.0% packet loss. If I ping the FreePBX from my computer (or GCPVPNINTERFACE) I got 0% packet loss

        It looks like the FREEPBXVPNINTERFACE / Gateway is not passing the traffic. Any idea on how to troubleshoot this?

        C 1 Reply Last reply Dec 11, 2023, 11:06 AM Reply Quote 0
        • C
          cnnsndnsqu @moussa854
          last edited by Dec 11, 2023, 11:06 AM

          Thanks for the information!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.