Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    remote client & Web traffic

    Scheduled Pinned Locked Moved OpenVPN
    16 Posts 3 Posters 1.7k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      jpvonhemel @sasa1
      last edited by

      @sasa1 sounds like you want split tunneling, but the web traffic you want originating from the remote host would not go through the VPN, it would bypass it and traffel out the remote host wan gateway. Are you using an openvpn server? This was posted in the openVPN forum of PFSense.

      1 Reply Last reply Reply Quote 0
      • V Offline
        viragomann @sasa1
        last edited by

        @sasa1
        So obviously there is no OpenVPN in play. Hence this topic should be posted in the routing section.

        If I understood it correct, you have an Openswan server behind pfSense, and a remote client which is connecting to it should direct its whole upstream traffic over the VPN and out through pfSense WAN interface.

        So you have to configure the Openswan server or client so that the client routes its upstream traffic over the VPN. In OpenVPN this can be done by checking "redirect gateway", but I cannot help with Openswan.

        On pfSense you have to add a static route for the clients (virtual) IP pointing to the Openswan Server.
        Additionally you have to switch the outbound NAT inot hybrid mode and add an rule for the clients IP to WAN.

        S 1 Reply Last reply Reply Quote 0
        • S Offline
          sasa1 @viragomann
          last edited by

          @viragomann The static route must be added in System -> Routing -> Gateways ?
          the other two steps are clear to me.
          Thanks.

          V 1 Reply Last reply Reply Quote 0
          • V Offline
            viragomann @sasa1
            last edited by

            @sasa1
            Yes. First add the Openswan server as gateway, then go to the static routes tab and add a static route for the tunnel network and select the Openswan from the gateway drop-down.

            S 1 Reply Last reply Reply Quote 0
            • S Offline
              sasa1 @viragomann
              last edited by

              @viragomann when you refer to "Openswan server as gateway" do you mean pfsense's private IP or public IP?
              When I create the static route, in the "Destination network" field I have to indicate the network:
              0.0.0.0

              thanks.

              V 1 Reply Last reply Reply Quote 0
              • V Offline
                viragomann @sasa1
                last edited by

                @sasa1
                I'm talking about an Openswan server behind pfSense as I already stated above. Hence I mean its internal IP.
                Requested your setup details several times. Since you won't provide details, I'm on assumptions.

                S 1 Reply Last reply Reply Quote 0
                • S Offline
                  sasa1 @viragomann
                  last edited by

                  @viragomann sorry but I thought I had provided the necessary details, I try to better explain my network topology.
                  I have pfsense with wan and lan interface, openvpn server and a remote host that connects in vpn through openvpn client.
                  My goal is that the remote host can access the web pages using the gateway configured on pfsense so that it can present itself on the web with the public ip address assigned to the pfsense wan

                  V 1 Reply Last reply Reply Quote 0
                  • V Offline
                    viragomann @sasa1
                    last edited by viragomann

                    @sasa1
                    So there is no Openswan in use yet??? Holy crap!
                    Only OpenVPN on pfSense itself. We were talking about Openswan all the time. Since this would not run on pfsense, I was assuming it runs on a separate server.
                    😖

                    S 1 Reply Last reply Reply Quote 0
                    • S Offline
                      sasa1 @viragomann
                      last edited by

                      @viragomann sorry it was a lapsus, I only use openvpn installed inside pfsense.

                      Are the same steps you indicated in the previous post valid for the configuration?
                      thanks and sorry again for the inattention

                      V 1 Reply Last reply Reply Quote 0
                      • V Offline
                        viragomann @sasa1
                        last edited by

                        @sasa1
                        When you are running OpenVPN on pfSense itself, you have only to check "Redirect gateway" on the OpenVPN server settings and add an outbound NAT rule to WAN for the VPN tunnel network.
                        You have to switch the outbound NAT into hybrid mode and save it. Then add a rule:
                        interface: WAN
                        source: <OpenVPN tunnel network>

                        All other options may stay on default values. Save it.

                        1 Reply Last reply Reply Quote 1
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.