Netgate Discussion Forum

    I need help writing NAT / rules to route select IP traffic through openvpn client

    4 Posts 3 Posters 1.2k Views
    • M
      moussa854
      last edited by moussa854

      I have two OpenVPN clients installed on pfSense, "all-client" and "VOIP_client". The first one (all-client) will route all traffic to an OpenVPN server. Working great. I would like to use the second (VOIP_client) to route the traffic from VOIP phones to the OpenVPN server on FreePBX. I made IP aliases for all VOIP phones (VOIP_phones). I installed VOIP_client and it is up and running and connected to the OpenVPN server on FreePBX. I made an interface for VOIP_client and called it "FreePBXVPNInterface". I do not know how to write the rules / NAT to route the VOIP_phones traffic through VOIP_client. Here is a screenshot of my NAT and rule. There are no other rules / NAT on the other interfaces.

      I would appreciate some help.

      21.png
      22.png
      23.png

      1 Reply Last reply Reply Quote 0
      • V
        viragomann
        last edited by

        You have to add a Policy Routing rule to direct the VOIP traffic over the VPN. Guessing your VOIP phones are in the LAN, add a firewall rule to the top of the LAN interface rule set, similar to your third rule with GCPVPNINTERFACE_VPNV4:
        source = VOIP alias
        dest. = any
        Gateway = FreePBXVPNInterface GW

        Also you need an outbound NAT rule. You may copy your last rule of the outbound NAT rule set, change the interface to FreePBXVPNInterface and the translation address to "interface address".

        1 Reply Last reply Reply Quote 1
        • M
          moussa854
          last edited by moussa854

          Thank you, @viragomann.

          Edit:
          I think I spoke too early. I am having issues with connection / sound. I created a rule on LAN:
          Protocol IPv4 *
          Source VOIP_PHONES
          Port *
          Destination *
          Port *
          Gateway FREEPBXVPNINTERFACE_VPN4

          I also replicated all the outbound NAT for the FREEPBXVPNINTERFACE. When I checked the States I am getting CLOSED:SYN_SENT and SYN_SENT:CLOSED

          If I change the Gateway to GCPVPNINTERFACE_VPN4 I get ESTABLISHED:ESTABLISHED. I compared both gateways and they look the same.

          If I ping the FreePBX server as FREEPBXVPNINTERFACE I get 100.0% packet loss. If I ping the FreePBX from my computer (or GCPVPNINTERFACE) I get 0% packet loss.

          It looks like the FREEPBXVPNINTERFACE / Gateway is not passing the traffic. Any idea on how to troubleshoot this?

          C 1 Reply Last reply Reply Quote 0
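
          The state pairs reported in the post above (CLOSED:SYN_SENT, SYN_SENT:CLOSED, ESTABLISHED:ESTABLISHED) can be tallied per interface to see on which one traffic leaves but never gets an answer. This is an added example, not part of the thread: the line layout is assumed to match `pfctl -ss` output, and the interface names (igb1, ovpnc1, ovpnc2) and all addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample, assumed layout of `pfctl -ss`:
#   <iface> <proto> <addr> [(<pre-NAT addr>)] <dir> <addr>   <STATE>:<STATE>
SAMPLE_STATES = """\
igb1 tcp 10.8.0.1:5061 <- 192.168.1.50:41000       CLOSED:SYN_SENT
ovpnc2 tcp 10.8.0.6:52011 (192.168.1.50:41000) -> 10.8.0.1:5061       SYN_SENT:CLOSED
igb1 udp 10.8.0.1:5060 <- 192.168.1.51:5060       NO_TRAFFIC:SINGLE
ovpnc2 udp 10.8.0.6:33120 (192.168.1.51:5060) -> 10.8.0.1:5060       SINGLE:NO_TRAFFIC
igb1 tcp 203.0.113.10:443 <- 192.168.1.20:50500       ESTABLISHED:ESTABLISHED
ovpnc1 tcp 10.9.0.2:61000 (192.168.1.20:50500) -> 203.0.113.10:443       ESTABLISHED:ESTABLISHED
"""

LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+\S+(?:\s+\(\S+\))?\s+(?:->|<-)\s+\S+"
    r"\s+(?P<a>[A-Z0-9_]+):(?P<b>[A-Z0-9_]+)$"
)

# Pairs where one side sent and the peer never answered (TCP and UDP).
ONE_SIDED = {frozenset({"SYN_SENT", "CLOSED"}), frozenset({"SINGLE", "NO_TRAFFIC"})}
# Pairs where packets were seen in both directions.
TWO_WAY = {frozenset({"ESTABLISHED"}), frozenset({"MULTIPLE"})}


def summarise(text):
    """Count two-way, one-sided and other states per interface."""
    counts = defaultdict(lambda: {"two_way": 0, "one_sided": 0, "other": 0})
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip headers, blanks and anything in another layout
        pair = frozenset({m["a"], m["b"]})
        if pair in ONE_SIDED:
            key = "one_sided"
        elif pair in TWO_WAY:
            key = "two_way"
        else:
            key = "other"
        counts[m["iface"]][key] += 1
    return {iface: dict(c) for iface, c in counts.items()}


def stalled_interfaces(summary):
    """Interfaces that carry only unanswered states: replies never come back."""
    return sorted(i for i, c in summary.items() if c["one_sided"] and not c["two_way"])


if __name__ == "__main__":
    print(stalled_interfaces(summarise(SAMPLE_STATES)))
```

          An interface that shows only one-sided states, while another VPN interface on the same firewall reaches ESTABLISHED, narrows the problem to that tunnel or its far end rather than to the LAN rule.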
          • C
            cnnsndnsqu @moussa854
            last edited by

            Thanks for the information!

            1 Reply Last reply Reply Quote 0
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.