Netgate Discussion Forum

    Is it possible to tunnel all traffic over OpenVPN [SOLVED]?

      nutt318

      So I've followed the guides for OpenVPN and it works great, I can connect to any network and start openvpn and get back into my internal (home) network.

      However is there a way to tunnel all traffic back through my home internet using openvpn?

      Thanks for the help.

        Cino

        Check this box and see if this works for you under your road warrior server setup. It's under Tunnel Setting…. Test it out tho.. I can't use it at work because I need my work's default gateway since we have many different internal networks all over the country and I'm not going to create static routes on my laptop for each one I need access to. If you just want Internet usage to route out your home network, set up a web proxy then.

        'Redirect Gateway Force all client generated traffic through the tunnel. '

          nutt318

          I've reread the original guide but haven't found anything for tunneling. Is there something in the pfsense>vpn>openvpn>client settings or server settings that I need to change? Or should I change something in my config file on my client machine or set up proxy settings in the network adapter settings?

          Thanks for the help.

            Cino

            Edit your RoadWarrior setup, should be under the Server Tab. Scroll down until you see the option 'Redirect Gateway', check that box and save… I'm using pfsense 2.0Beta5 but I think it's the same on 1.2.3.

              nutt318

              Yea, I'm on 1.2.3. I'm not seeing that option  :(

                AhnHEL

                No checkbox in 1.2.3

                Just add the following line in Custom Options.  If you have any other commands in Custom Options be sure to separate them with a semicolon.

                push "redirect-gateway def1"

                AhnHEL (Angel)

                  nutt318

                  I added that custom option and it doesn't work, I can still get to my internal network. Just nothing outside of that.

                  Does squid, or squidGuard, make a difference?

                    AhnHEL

                    @nutt318:

                    So I've followed the guides for OpenVPN and it works great, I can connect to any network and start openvpn and get back into my internal (home) network.

                    I can still get to my internal network. Just nothing outside of that.

                    I am a bit confused, looks like you contradicted yourself.  You stated you can connect to any network, then you stated you can only get to your internal network.

                    Are you using the DNS option in your tunnel as well? Below are my custom options; where the xxx.xxx.xxx.1 is, this is the IP address from the address pool in your OpenVPN Server settings. If this doesn't help you, post a screenshot of your config files, removing any identifying IP addresses. Are you using Advanced Outbound NAT?

                    push "redirect-gateway def1";push "dhcp-option DNS xxx.xxx.xxx.1";verb 1;mute-replay-warnings

                    AhnHEL (Angel)

                      nutt318

                      I mean websites are unviewable; when I enable OpenVPN I can access my router and ping other computers, e.g. 192.168.1.1 or .30.

                      My address pool is 192.168.200.0/24, I do have a rule setup and can ping the 192.168.1.1 network so it seems to be ok.

                      I've tried your custom options but it didn't work, what is 'def1' and 'verb 1'?

                        AhnHEL

                        Verb 1 is just the logging level, def1 is the default gateway.  Please post screenshots of your server and client config files, but it sounds like you're not using Advanced Outbound NAT.

                        AhnHEL (Angel)
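
An added illustration of the `def1` flag asked about above (not part of the original posts): with `redirect-gateway def1`, OpenVPN leaves the client's existing default route in place and adds 0.0.0.0/1 and 128.0.0.0/1 through the tunnel, plus a host route to the VPN server, so the tunnel wins by longest-prefix match. Only the 192.168.200.0/24 pool and 192.168.1.1 come from the thread; every other address is constructed.

```python
import ipaddress

# Constructed sample values; only the 192.168.200.0/24 pool comes from the thread.
LOCAL_NET = "10.0.0.0/24"     # network the road warrior is plugged into
LOCAL_GW = "10.0.0.1"         # its original default gateway
VPN_SERVER = "203.0.113.10"   # stands in for [mypublicip]
VPN_GW = "192.168.200.5"      # tunnel-side gateway taken from the address pool

def routes_after_def1(local_net, local_gw, vpn_server, vpn_gw):
    """Routing table a client holds once 'redirect-gateway def1' is applied."""
    net = ipaddress.ip_network
    return [
        (net("0.0.0.0/0"), local_gw),         # original default route, untouched
        (net(local_net), "on-link"),          # directly attached network
        (net(vpn_server + "/32"), local_gw),  # encrypted packets still use the local gateway
        (net("0.0.0.0/1"), vpn_gw),           # def1: lower half of the IPv4 space
        (net("128.0.0.0/1"), vpn_gw),         # def1: upper half of the IPv4 space
    ]

def next_hop(routes, dest):
    """Pick the gateway by longest-prefix match, as the client's IP stack does."""
    addr = ipaddress.ip_address(dest)
    matching = [(n, gw) for n, gw in routes if addr in n]
    return max(matching, key=lambda r: r[0].prefixlen)[1]

ROUTES = routes_after_def1(LOCAL_NET, LOCAL_GW, VPN_SERVER, VPN_GW)

if __name__ == "__main__":
    for dest in ("8.8.8.8", "192.168.1.1", VPN_SERVER, "10.0.0.7"):
        print(f"{dest:>15} -> {next_hop(ROUTES, dest)}")
```

Traffic to the directly attached network still bypasses the tunnel, because its /24 route is more specific than the two /1 routes.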

                          nutt318

                          Thanks for taking a look, here is everything I thought you may need to look at.

                          ovpn_client

                          client
                          dev tun
                          proto udp
                          remote [mypublicip] 1194
                          ping 10
                          resolv-retry infinite
                          nobind
                          persist-key
                          persist-tun
                          ca ca.crt
                          cert ovpn_client1.crt
                          key ovpn_client1.key
                          ns-cert-type server
                          comp-lzo
                          pull
                          verb 3

                          Attachments: pfsense1.jpg, pfsense2.jpg, pfsense3.jpg, pfsense4.jpg

                            nutt318

                            Here's a few more screenshots

                            Attachments: pfsense5.jpg, pfsense6.jpg, pfsense7.jpg

                              AhnHEL

                              In your Custom Options, change your DNS Server to look like below

                              push "redirect-gateway def1";push "dhcp-option DNS 192.168.200.1";verb 1;mute-replay-warnings

                              Also, in the Web GUI, go to the Firewall/NAT/Outbound tab and make your settings look like the following screenshot.

                              ![Screen shot 2011-02-24 at 9.10.48 AM.jpg](/public/imported_attachments/1/Screen shot 2011-02-24 at 9.10.48 AM.jpg)

                              AhnHEL (Angel)

                                nutt318

                                Alright, changed custom settings and changed Outbound NAT.

                                Good news, while OpenVPN is connected I can pull up google by ip. I've also pulled up ipchicken.com through ip and it shows my home IP address.

                                So something with DNS isn't exactly right, any ideas?

                                  Cino

                                  Hmm, maybe change the 'dhcp-option' to your LAN IP address? Or whatever IP address your pfsense box is.

                                    nutt318

                                    Looks like that did the trick :)

                                    Thanks for all the help guys!

                                      Cino

                                      sweet! Good to hear
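
The three changes that resolved this thread (pushing `redirect-gateway def1`, pushing a DNS server, and adjusting Outbound NAT) can be checked together; the following is an added example, not code from the posters or from pfSense. It parses a semicolon-separated Custom Options string and reports what is missing for a full tunnel. The function names, the finding labels, the NAT source lists and the assumption that manual Outbound NAT needs a rule covering the tunnel subnet are all hypothetical, and 192.168.1.1 is assumed to be the pfSense LAN IP.

```python
import ipaddress
import re

def pushed_directives(custom_options):
    """Split a Custom Options string on ';' and return each push "..." as a word list."""
    pushed = []
    for item in custom_options.split(";"):
        m = re.fullmatch(r'\s*push\s+"([^"]+)"\s*', item)
        if m and m.group(1).split():
            pushed.append(m.group(1).split())
    return pushed

def audit_full_tunnel(custom_options, tunnel_net, nat_sources):
    """Return labels for settings that keep a full tunnel from working as intended."""
    findings = []
    pushed = pushed_directives(custom_options)
    if not any(d[0] == "redirect-gateway" for d in pushed):
        # Split tunnel: only explicitly pushed routes go through the VPN.
        findings.append("no-redirect-gateway")
    if not any(d[:2] == ["dhcp-option", "DNS"] and len(d) == 3 for d in pushed):
        # The client keeps whatever resolver the network it is sitting on handed out.
        findings.append("no-dns-pushed")
    tunnel = ipaddress.ip_network(tunnel_net)
    if not any(tunnel.subnet_of(ipaddress.ip_network(s)) for s in nat_sources):
        # Assumption: with manual Outbound NAT the tunnel subnet needs its own source rule.
        findings.append("tunnel-net-not-in-outbound-nat")
    return findings

# Constructed inputs modelled on the thread: the first attempt and the final state.
TUNNEL_NET = "192.168.200.0/24"
BEFORE = 'push "redirect-gateway def1"'
AFTER = ('push "redirect-gateway def1";push "dhcp-option DNS 192.168.1.1";'
         'verb 1;mute-replay-warnings')
NAT_BEFORE = ["192.168.1.0/24"]                      # assumed: LAN only
NAT_AFTER = ["192.168.1.0/24", "192.168.200.0/24"]   # assumed: LAN plus tunnel pool

if __name__ == "__main__":
    print("before:", audit_full_tunnel(BEFORE, TUNNEL_NET, NAT_BEFORE))
    print("after: ", audit_full_tunnel(AFTER, TUNNEL_NET, NAT_AFTER))
```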
