I want to force the client to use its own internet gateway.

Reply to I want to force the client to use its own internet gateway. on Fri, 03 May 2024 14:57:07 GMT

pwood999 — Fri, 03 May 2024 14:57:07 GMT

@selcuk_ks Do you mean force general internet traffic out the clients local gateway, and only all VPN for services you host ?
If so, this is standard split tunnel, so un-select the "Force all traffic through tunnel" option

Reply to I want to force the client to use its own internet gateway. on Sun, 28 Apr 2024 19:21:52 GMT

selcuk_ks — Sun, 28 Apr 2024 19:21:52 GMT

@viragomann Thanks. I will try this when I have free time.

Reply to I want to force the client to use its own internet gateway. on Sun, 28 Apr 2024 19:19:10 GMT

viragomann — Sun, 28 Apr 2024 19:19:10 GMT

@selcuk_ks
You VPN server do not have much impact on the clients routing table.
You can push routes to the clients though, but this is nothing more than a recommendation in the end.

So on the server just block any unwanted traffic from the client.

Also you need an outbound NAT rule on WAN for the tunnel pool to masquerade the traffic with your WAN address. Without this, no internet access would be possible for the VPN clients.

If pfSense has created the outbound NAT rule automatically, you can switch to hybrid mode and add a rule for the tunnel network and disable NAT inside it.