Route all traffic via VPN
This is really giving me a headache now. I tried to mess around with static routes, port forwarding etc. and couldn't get it to work.
I guess now I need some bulletproof guide.
I need to be able to route all traffic on LAN2 via my VPN connection.
Below is a screenshot of my interfaces.
As you can see, the VPN connection is up and running. When I connect to my VPN server directly from my computer, everything works great. I can go to whatismyip.org or any other website and I will see the VPN server's IP instead of my real one, so I want to achieve exactly the same for all computers in LAN2.
Now you can have a look at a screenshot of my routes.
The VPN server is a Debian box with OpenVPN on it, and the config is as follows:
port 1194
proto udp
dev tun
ca ca.crt
cert local.crt
key local.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
route 10.8.0.0 255.255.255.0
push "dhcp-option DNS 22.214.171.124"
push "dhcp-option DNS 126.96.36.199"
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
I've tried it with the push "redirect-gateway def1" option and I was losing internet connectivity.
Funny thing is that when I log on to the pfSense shell I can ping 10.8.0.10 as well as 10.8.0.1.
From computers within LAN2 I can ping only 10.8.0.10.
Right now I am completely clueless, so I hope some of you can help me out.
A little bit of progress, thanks to a post I just found here.
Right now, computers from LAN2 can ping 10.8.0.1.
I only needed to add the rule for OpenVPN, however I'm still not able to route all the traffic via the VPN connection.
What if you create a firewall rule with the gateway setting?
This was again one of those shot-in-the-dark kinds of advice.. ;)
You have a problem with the default gateway for the LAN2 network. Try to manually set it as the OpenVPN one and let's see… Do you want to always route all traffic through the VPN, or only if it is up?
Now, I really don't know how pfSense behaves as an OpenVPN client (I just use it as a server). There must be an option to specify what to do with the traffic. Otherwise, I guess you could just set up some gateway failover between WAN and OpenVPN.
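
Added example, not part of the thread or of any poster's configuration: a small longest-prefix-match model of what `redirect-gateway def1` does to an OpenVPN client's routing table, useful for checking which interface a given destination should leave by when debugging a full-tunnel setup. The WAN gateway, the VPN server's public address, the interface names and the use of 10.8.0.1 as the tunnel gateway are constructed assumptions.

```python
import ipaddress

net = ipaddress.ip_network

# Constructed sample table: (destination, gateway, interface).
BEFORE = [
    (net("0.0.0.0/0"), "192.0.2.1", "wan"),       # assumed ISP gateway
    (net("192.168.2.0/24"), None, "lan2"),        # assumed LAN2 subnet
    (net("10.8.0.0/24"), "10.8.0.1", "tun0"),     # tunnel subnet from the config
]

def apply_def1(table, vpn_server_ip, tunnel_gw, tun_if="tun0"):
    """Return the table as it looks after 'redirect-gateway def1'.

    def1 leaves the existing default route in place and adds:
      - a host route to the VPN server via the old default gateway,
        so the encrypted UDP packets themselves still leave via WAN;
      - 0.0.0.0/1 and 128.0.0.0/1 via the tunnel, which together cover
        all of IPv4 and win over 0.0.0.0/0 by being more specific.
    """
    default = next(r for r in table if r[0].prefixlen == 0)
    return table + [
        (net(f"{vpn_server_ip}/32"), default[1], default[2]),
        (net("0.0.0.0/1"), tunnel_gw, tun_if),
        (net("128.0.0.0/1"), tunnel_gw, tun_if),
    ]

def lookup(table, dst):
    """Longest-prefix match: return the route chosen for dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

# 198.51.100.7 stands in for the VPN server's public address (constructed).
AFTER = apply_def1(BEFORE, "198.51.100.7", "10.8.0.1")

if __name__ == "__main__":
    for dst in ("8.8.8.8", "203.0.113.50", "198.51.100.7", "192.168.2.20"):
        b, a = lookup(BEFORE, dst), lookup(AFTER, dst)
        print(f"{dst:15} before: {b[2]:5} after: {a[2]}")
```

Comparing this expected result with the real routing table on the OpenVPN client shows whether the pushed routes were installed at all, which separates a client-side routing problem from forwarding or NAT on the far side of the tunnel.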