Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Single Interface OpenVPN -> Cloud, route Internet issue

    Scheduled Pinned Locked Moved OpenVPN
    4 Posts 2 Posters 742 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      sjgieson
      last edited by

      Hello,

      I am working on a diagram, but honestly struggling with depicting it on draw.io, open to suggestions, if it will help.

      I have a cloud PFsense server, connected to a home PFsense Server via site to site OpenVPN. My home PFsense server is a single interface server (just a single internal LAN IP) pointed to a 4G LTE gateway.

      I have 3 use cases, I am trying to solve, and currently 2/3 are solved.

      1. Host Webserver with a NAT on the cloud that directs back to a home IP - Success
      2. Remote Access VPN that allows me to access home computers - Success
      3. Send Email out via the cloud IP on the OpenVPN site to site tunnel - Fail

      I have defined the openvpn interface as the "WAN" for my home single physical interface PFsense instance. Everything but this last little issue is working, I would think at least directing all traffic out the OpenVPN would be easy, but I can't even direct all traffic let alone just SMTP.

      Altering the outbound firewall rules on the LAN replacing the "default" Gateway with the "WAN_DHCP", catches all Internet traffic via the firewall logs with an allow, but I don't see the traffic in the Cloud PFsense firewall logs...the traffic doesn't make it to the Internet.

      So I suspect i have routing issue? Specific to a single physical interface?

      Any screenshots, or additional information I can provide as well.

      V 1 Reply Last reply Reply Quote 0
      • V Offline
        viragomann @sjgieson
        last edited by

        @sjgieson said in Single Interface OpenVPN -> Cloud, route Internet issue:

        Send Email out via the cloud IP on the OpenVPN site to site tunnel - Fail

        Which Emails? From all devices or from one only?

        I assume the LTE router is the default gateway in your home network. Also I guess, it is not capable of managing multiple subnets. Right?

        Basically you have to route SMTP traffic to the pfSense box to direct it to the cloud. You can do this by a static route on each device you want to send email, but you can also make pfSense to be your default gateway with a gimmick.

        S 1 Reply Last reply Reply Quote 1
        • S Offline
          sjgieson @viragomann
          last edited by

          @viragomann So yes, 1 device would be preferred. However, to make this even more simple. How do I send all Internet out the VPN Gateway (forget SMTP) ? Right now I am able to NAT ports from the Cloud PFSense to the machines on my internal network. Which to be honest I thought would be the hardest part here. I figured sending traffic out the VPN gateway, that should be straight forward. Here is a rough diagram I did, not sure if it will help explain it. Single NIC Cloud PFsense.jpeg

          S 1 Reply Last reply Reply Quote 0
          • S Offline
            sjgieson @sjgieson
            last edited by

            @sjgieson

            Nevermind, I figured out routing all Internet at least. The solution is to make sure you default gateway is your Virtual Wan on your Default allow LAN to any rule. In my case it was called "DHCP_WAN", so now I can send all traffic out.

            I tried this earlier but I had a custom config line in the client side of OpenVPN, that was told to do to force all traffic out the VPN. This custom config was tripping up my LAN rules/routes. So don't do that.

            I appear to be back in business now.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.