Transparent Firewall with OpenVPN

  • I have searched through the forums and I cannot find an issue exactly like this one.  I hope someone is able to assist me.

    I have a single pfSense box configured in transparent firewall mode following the configuration from  The WAN port is connected to an upstream router providing Internet access and the LAN port is connected to a small network of PCs.  The transparent firewall has an active OpenVPN tunnel terminated on an OpenVPN server externally located on the Internet.  From the diagnostic menu on the (pfSense) transparent firewall I can ping the IP space behind the OpenVPN server successfully, verifying the connection of the tunnel.

    My dilemma is that I want the local PCs to route to the Internet through the (pfSense) transparent firewall as if it was not there; however, when they attempt to reach the IP space behind the OpenVPN server, they route across the OpenVPN tunnel.

    I am assuming that I can build a firewall rule to accomplish this, but I cannot see a way to do it.  If anyone can point me in the right direction I would be greatly appreciative.

  • Does the OpenVPN tunnel become the default route?

  • No, all traffic would continue to flow through the bridge as normal; only traffic destined for the other side of the OpenVPN tunnel would be directed through it.

  • In theory you'll find the routing configured on the OpenVPN server will handle that.