OpenVPN acts as default Gateway. Why?



  • Hi all. This is my first post, so I wanted to say hello to all of you.

    I am a newbie in pfsense world, so please be gentle with me.

    I use SecurityKISS VPN provider and I have created a little tutorial on how to setup SecurityKISS on my pfsense. Please verify if you want: http://wiki.abadonna.info/doku.php?id=pfsense:kiss (any suggestion on how to make it better are highly appreciated).

    Anyway, when I performed steps I have put into my tutorial, everything works like a charm, but… As soon as VPN tunnel is established, all traffic is routed through it. Why? I expected to see only some traffic (let's say from one dedicated IP on my LAN) would be sent through VPN tunnel. Why pfsense route all traffic through VPN by default? Is there a way to change this behavior?
    At the moment I am forced to deactivate tunnel if I do not need to use it. I would rather prefer to keep it opened all the time, and only change my local IP if I need to go through tunnel.

    I hope this make sense and you can help me.

    A.



  • The setup procedure looks good. I guess that the KISS VPN server pushes a "redirect-gateway def1" to the client. That would cause pfSense to effectively switch its default route to the KISS VPN. After that all your internet traffic from all LAN systems goes over KISS VPN. Look at Diagnostics->Routes - it will probably have something like a route to "0.0.0.0" via the KISS tunnel link.
    You should be able to override that by adding "policy-routing" rules on LAN that select particular traffic, and in the advanced rule sections, Gateway, pick a gateway to send that traffic over. This lets you pick what IPs/ports/whatever you want to route via which internet connection.



  • And I see that you have also seen this post: http://forum.pfsense.org/index.php/topic,64480.0.html
    So, you can use route-nopull to stop the default behaviour, then add policy-routing rules on LAN do direct traffic you select into the KISS VPN.