OpenVPN Policy Routing
-
Hi,
Im trying to make specific ips go through the vpn and the rest go through the client. ive searched the internet for tutorials but havent found one
-
Make rule that matches the "interesting ip's"
Select advanced
Select the OpenVPN Gateway , where you want traffic to be sent to/via.
/Bingo
-
@bingo600 I only want some traffic to be routed to the vpn and the rest through the client's ISP.
-
@skyberry said in OpenVPN Policy Routing:
I only want some traffic to be routed to the vpn and the rest through the client's ISP.
You have to find a way to tell pfSense exactly what you want. It doesn't understand "some traffic".
If you want the rule to cover certain source IPs add them to an alias and set this as source. If you want to apply it to certain destination IPs or ports create an alias for the destination or combine both if needed.
-
@viragomann I only want 192.168.x.x to be routed through the vpn and the rest of the traffic to be routed to the client Isp I just don't know how to configure it
-
@skyberry said in OpenVPN Policy Routing:
I only want 192.168.x.x to be routed through the vpn and the rest of the traffic to be routed to the client Isp
So I assume, this is a whole subnet. This can be stated at source in the rule directly without using an alias.
I just don't know how to configure it
So you didn't even understand, what @bingo600 was talking above?
You provided very rare information about your network. We don't know what 192.168.x.x is. Is it the whole subnet assigned to an interface or only a part of it? Do you have multiple interfaces?
Hard to give you details on the base of your infos. -
@viragomann said in OpenVPN Policy Routing:
So I assume, this is a whole subnet. This can be stated at source in the rule directly without using an alias.
Yes
@viragomann said in OpenVPN Policy Routing:
You provided very rare information about your network. We don't know what 192.168.x.x is. Is it the whole subnet assigned to an interface or only a part of it? Do you have multiple interfaces?
I have wan and lan interface 192.168.1.1 is the lan. im just having issues with redirecting traffic that isn't supposed to be tunneled through the vpn to the client isp
-
@skyberry
You have only LAN as internal network and it has 192.168.1.1.
And you want to direct "only" 192.168.x.x over the VPN.
So what is the rest? Is it connected to LAN interface?
Which mask has your LAN?What is the actual state? Is the whole upstream traffic going to the vpn server?
Did you already get any over the vpn? -
@viragomann said in OpenVPN Policy Routing:
And you want to direct "only" 192.168.x.x over the VPN.
I only want 192.168.1.0/24 over the vpn and any other traffic goes through the client's network.
Im able to access 192.168.1.1 on the vpn but i need to access the outside web not redirecting the traffic through the vpn while being connected
-
@skyberry said in OpenVPN Policy Routing:
I only want 192.168.1.0/24 over the vpn and any other traffic goes through the client's network.
What is the vpn? A vpn service?
What is the client's network?
Im able to access 192.168.1.1 on the vpn but i need to access the outside web not redirecting the traffic through the vpn while being connected
Don't understand this sentence in the context of the above.
-
@viragomann said in OpenVPN Policy Routing:
What is the vpn? A vpn service?
The OpenVPN server
@viragomann said in OpenVPN Policy Routing:
What is the client's network?
The client is the person who is connecting to the vpn
@viragomann said in OpenVPN Policy Routing:
Don't understand this sentence in the context of the above.
When Im connected it doesn't allow the client to go to google.com but allows me to reach 192.168.1.1
-
Thanks for all the help. The OpenVPN server was trying to push DNS to the client and it was the cause of all my troubles.