Route all traffic via VPN



  • This really brings me headache now. I tried to mess around with static routes, port forwarding etc. and couldn't get it to work.
    I guess now i need some bulletproof guide.

    I need to be able to route all traffic on LAN2 via my VPN connection

    Below is a screenshot of my interfaces

    AS you can see VPN connection is up and running. When I will connect to my VPN server directly from my computer, everything works great. I can go to whatismyip.org or any other website and I will see VPN server's IP instead of my real one, so I want to achieve exactly the same for all computers in LAN2.

    Now you can have a look at screenshot of my routes

    The vpn server is a debian with OpenVPN on it and the config is as following:

    
    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert local.crt
    key local.key
    dh dh2048.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    client-config-dir ccd
    route 10.8.0.0 255.255.255.0
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    verb 3
    
    

    I've tried it with push "redirect-gateway def1" option and I was loosing internet connectivity.
    Funny thing is that when i logon to pfsense shell I can ping 10.8.0.10 as well as 10.8.0.1
    From computers within LAN2 i can ping only 10.8.0.10

    Right now I am completely clueless, so I hope some of you can help me out.



  • little bit of progress, thanks to some post i just found here

    Right now, computers from LAN2 can ping 10.8.0.1
    I only needed to add the rule for openvpn, however I'm still not able to route all the traffic via vpn connection



  • What if you create firewall rule with gateway setting?
    This was again one of those shot in the dark kind of advices.. ;)



  • You have a problem with the default gateway for the LAN2 network. Try to manually set it as the OpenVPN one and let's see… Do you want to always route all traffic through the VPN, or only if it is up?

    Now, I really don't know about how pfSense behaves as an OpenVPN client (I just use it as a server). There must be an option to specify what to do with the traffic. Otherwise, I guess you could just setup some gateway failover between WAN an OpenVPN.

    Cheers!


Locked