OpenVPN Client IP Masking/Routing all traffic via VPN.



  • Hi Guys,

    Scratching my head on this one. We have a pfsense box running as our office firewall with a dedicated WAN IP, and we have a number of devices/websites that can be accessed from this WAN IP.

    We have some employees who work remotely and use OpenVPN to connect to the office firewall, from there they can RDP do their desktops and manage the devices that are "bound" to the office outbound IP.

    My question is, is it possible for OpenVPN to be setup on the laptops, to somehow "mask" the IP, or route all traffic via the VPN to the office, then from out of the office IP, and back in? In essence, what I am trying to achieve is the possibility for remote workers to use the outbound office IP.

    Hope that makes sense. Thanks in advance.


  • Rebel Alliance Developer Netgate

    Sure, either by pushing a route to the clients for the IPs you want to go over the VPN, or using the option to force all client traffic through the VPN.

    The default automatic outbound NAT config will do NAT for the VPN tunnel network so it should work with minimal effort. If you're using manual outbound NAT you'll need to make sure you have a rule that covers the VPN client subnet.

    Beyond that, make sure your OpenVPN tab rules allow the traffic through and it should work fine.


Log in to reply