Routing traffic through VPN (best practice/questions)
Hello again, I've got a few questions.
Yesterday I set up OpenVPN to funnel traffic through NordVPN following this guide:
https://support.nordvpn.com/Connectivity/Router/1626958942/pfSense-2-5-Setup-with-NordVPN.htm
I expected following this would result in all traffic being routed through the VPN. After reading more I think I'd prefer having the option to add IPs individually, which seems like a different method altogether. But I'll put that aside for now.
The changes that I made based on that guide have resulted in the following:
- VLANs are not being routed through the VPN.
- RFC1918 block rule enabled on VLAN1 results in my laptop having no internet connectivity, but the TV on the same VLAN does. Meanwhile the VLAN2 laptop has connectivity with the RFC1918 block enabled and the same rules otherwise.
- LAN is being routed through the VPN and has internet connectivity, but continues to drop intermittently.
The VPN gateway seems to kinda function as expected for my LAN, aside from the intermittent drops, which will be an issue for my use case. Ideally I'd like to either pick which local networks are routed through the VPN or be able to add/remove IPs for said routing. This is especially true after experiencing the performance thus far, and given that limiting downtime is paramount for the same VLAN I'd like to set up with the VPN. That being said, I don't want to start making more changes until I at least understand what I'm doing wrong currently.
I checked the system log under gateway and I see the VPN gateway has filled the logs with:
sendto error: 55
Searching leads me to:
"The most common causes of this are:
- No route to the target network (or no default route)
- Missing link route for a local target
- Stale state in pf sending the connection out an invalid path"
https://docs.netgate.com/pfsense/en/latest/troubleshooting/buffer-space-errors.html
I don't see anything that seems relevant in the OpenVPN logs.
So I assume it's a routing issue. I'm not sure if I need a NAT outbound rule for each local network, need a static gateway, or if I'm just missing something with the firewall rules. Removing all rules except for the VPN doesn't seem to work, so I'm leaning towards a routing issue.
I've looked up a bunch of NordVPN threads and other search terms related to the issues I'm describing with little luck. From the threads I've read it sounds like I should be happy to have internet at all based on my skill level and the guides that I’m following. I have come across some suggestions from board members including:
OpenVPN as a WAN on pfSense
https://www.youtube.com/watch?v=lp3mtR4j3Lw
&
Ultimate pfSense OpenVPN Guide
https://www.techhelpguides.com/2017/06/12/ultimate-pfsense-openvpn-guide/
After reading what I consider NordVPN horror stories here, I'm timid to venture out into the network unknown. But I like the idea of being able to create aliases and add IPs. Just not more than I like the internet itself. So I'd more than appreciate any insights into what I'm doing wrong currently, as well as best practices moving forward given my situation.
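Before changing rules, it helps to know how often the VPN gateway monitor is actually failing and whether the failures come in bursts (which matches the "intermittent drops" described above) or are continuous. The script below is an added example, not code from the post or from Netgate or NordVPN: it reads pfSense gateway-monitor (dpinger) log lines, keeps only the `sendto error: 55` lines quoted above (errno 55 is ENOBUFS, "no buffer space available", on FreeBSD, the error the linked Netgate page covers), and groups them per gateway into bursts so you can line the timestamps up against the connectivity drops. The gateway name `NORDVPN_VPNV4`, the monitor IPs, the process id and the timestamps in the sample are constructed assumptions; the `Alarm`/`Clear` lines are there only to show that non-error dpinger output is ignored.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of pfSense gateway-monitor (dpinger) log lines. The gateway
# names, monitor IPs, process id and timestamps are assumptions for illustration.
SAMPLE_LOG = """\
Mar  3 09:10:01 pfSense dpinger[8211]: NORDVPN_VPNV4 10.8.0.1: sendto error: 55
Mar  3 09:10:02 pfSense dpinger[8211]: NORDVPN_VPNV4 10.8.0.1: sendto error: 55
Mar  3 09:10:03 pfSense dpinger[8211]: NORDVPN_VPNV4 10.8.0.1: sendto error: 55
Mar  3 09:10:03 pfSense dpinger[8211]: WAN_DHCP 203.0.113.1: Alarm latency 12345us stddev 1234us loss 0%
Mar  3 09:12:40 pfSense dpinger[8211]: NORDVPN_VPNV4 10.8.0.1: sendto error: 55
Mar  3 09:12:41 pfSense dpinger[8211]: NORDVPN_VPNV4 10.8.0.1: sendto error: 55
Mar  3 09:30:00 pfSense dpinger[8211]: NORDVPN_VPNV4 10.8.0.1: Clear latency 40000us stddev 2000us loss 0%
"""

# Matches only the "sendto error: <errno>" lines; latency alarms/clears and
# anything that is not dpinger output fail this pattern and are skipped.
ERROR_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ dpinger\[\d+\]: "
    r"(?P<gw>\S+) (?P<monitor>\S+): sendto error: (?P<errno>\d+)$"
)


def parse_ts(text):
    # syslog timestamps carry no year; the default (1900) is fine for gaps
    return datetime.strptime(text, "%b %d %H:%M:%S")


def find_error_bursts(log_text, gap_seconds=30, errno=55):
    """Group 'sendto error: <errno>' lines per gateway into bursts.

    Two errors on the same gateway separated by more than gap_seconds start a
    new burst. Returns {gateway: [{"start", "end", "count", "monitor"}, ...]}
    with bursts in the order they appear in the log.
    """
    bursts = defaultdict(list)
    for line in log_text.splitlines():
        m = ERROR_LINE.match(line)
        if not m or int(m["errno"]) != errno:
            continue
        ts = parse_ts(m["ts"])
        gw_bursts = bursts[m["gw"]]
        if gw_bursts and (ts - gw_bursts[-1]["end"]).total_seconds() <= gap_seconds:
            # still inside the current burst: extend it
            gw_bursts[-1]["end"] = ts
            gw_bursts[-1]["count"] += 1
        else:
            gw_bursts.append(
                {"start": ts, "end": ts, "count": 1, "monitor": m["monitor"]}
            )
    return dict(bursts)


def total_errors(bursts):
    """Total number of errno-55 lines across all gateways and bursts."""
    return sum(b["count"] for gw in bursts.values() for b in gw)


def report(bursts):
    """Human-readable summary, one gateway header plus one line per burst."""
    lines = []
    for gw, gw_bursts in bursts.items():
        n = sum(b["count"] for b in gw_bursts)
        lines.append(f"{gw}: {len(gw_bursts)} burst(s), {n} x sendto error 55")
        for b in gw_bursts:
            lines.append(
                f"  {b['start']:%b %d %H:%M:%S} - {b['end']:%H:%M:%S}  "
                f"{b['count']} error(s), monitor {b['monitor']}"
            )
    return "\n".join(lines)


if __name__ == "__main__":
    # On a real box, feed the gateway log instead of the constructed sample,
    # e.g. the contents of /var/log/gateways.log piped in via sys.stdin.
    print(report(find_error_bursts(SAMPLE_LOG)))
```

On the sample this reports a single failing gateway with two short bursts about two and a half minutes apart and no errors at all on WAN, which is the pattern to expect if the tunnel itself flaps while the underlying WAN stays up; a gateway that logs errno 55 continuously from boot instead points at the first cause in the Netgate list (no route, or no default route, for the monitor address). Tune `gap_seconds` to the dpinger probe interval in use so that consecutive probe failures land in one burst.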