• Hi,
    I have a VPN with OpenVPN on my firewall so that the workers can connect remotely from home, but they cannot surf the Internet.

    I have tried creating permission rules to destination ports 80, 443, 53 without success. The only thing I have achieved is to create a destination rule to port 3389 so that they connect by RDP to their office computer and can now navigate correctly.

    Could they browse without being connected to their computer by RDP? Only to the VPN.

    IP ranges:

    • OpenVPN: 10.2.3.0/24
    • Office: 172.16.0.0/24

    Thank you.


  • @jgomez123

    Have you set up routing to allow the Internet access? When you set up the client export, there's an Advanced box, where you configure the route that gets pushed to the client.

    Here's what I have:

    push "route 0.0.0.0 0.0.0.0";push "route-ipv6 ::/0"


  • @jgomez123
    What do you intend to achieve exactly?
    Do you want to route the clients' whole Internet traffic over the VPN or only provide access to the local networks?


  • @viragomann

    I want that, when they connect to the VPN, they can surf the Internet and all traffic goes through the VPN, so that it can be restricted with the rules of the firewall.

    Is this possible?


  • Yes. So check "Redirect gateway" in the server settings to push the default route to the clients and provide a DNS server.

    Additionally you have to add an outbound NAT rule for the VPN clients. Firewall > NAT > Outbound. Select the hybrid mode and hit save if you have the automatic mode now.
    Then add a new rule:
    interface: WAN
    source: <OpenVPN tunnel network>
    destination: any
    translation: interface address
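
Added example, not part of the thread: a Python check of the three things the last reply lists for a full tunnel (default route pushed, DNS pushed, outbound NAT on WAN covering the tunnel network). The config text, the DNS address 172.16.0.1 and the rule tuples are constructed for illustration and are not pfSense's own storage format.

```python
import ipaddress
import re

# Constructed sample: directives an OpenVPN server could push for a full tunnel.
# 172.16.0.1 is an assumed resolver on the office LAN, not a value from the thread.
SERVER_CONF = '''
server 10.2.3.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 172.16.0.1"
'''

# Constructed outbound NAT rules as (interface, source, destination) tuples.
NAT_RULES = [("WAN", "172.16.0.0/24", "any"), ("WAN", "10.2.3.0/24", "any")]


def tunnel_network(conf):
    """Return the tunnel network from the 'server <net> <mask>' directive."""
    m = re.search(r"^\s*server\s+(\S+)\s+(\S+)", conf, re.M)
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}") if m else None


def audit_full_tunnel(conf, nat_rules):
    """List what is missing for VPN clients to browse through the tunnel."""
    # No line anchor, so the ';'-separated form from the thread also parses.
    pushes = re.findall(r'push\s+"([^"]+)"', conf)
    problems = []
    has_default = any(p.startswith("redirect-gateway")
                      or p.split() == ["route", "0.0.0.0", "0.0.0.0"]
                      for p in pushes)
    if not has_default:
        problems.append("no default route pushed to clients")
    if not any(p.startswith("dhcp-option DNS ") for p in pushes):
        problems.append("no DNS server pushed to clients")
    net = tunnel_network(conf)
    if net is None:
        problems.append("no tunnel network defined")
    else:
        # The NAT source must contain the whole tunnel network.
        covered = any(iface == "WAN" and dst == "any"
                      and net.subnet_of(ipaddress.ip_network(src))
                      for iface, src, dst in nat_rules)
        if not covered:
            problems.append(f"no outbound NAT on WAN for {net}")
    return problems


if __name__ == "__main__":
    print(audit_full_tunnel(SERVER_CONF, NAT_RULES) or "full tunnel looks complete")
```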