Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN acts as default Gateway. Why?

    OpenVPN
    3
    4
    1590
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      abadonna last edited by

      Hi all. This is my first post, so I wanted to say hello to all of you.

      I am a newbie in pfsense world, so please be gentle with me.

      I use SecurityKISS VPN provider and I have created a little tutorial on how to setup SecurityKISS on my pfsense. Please verify if you want: http://wiki.abadonna.info/doku.php?id=pfsense:kiss (any suggestion on how to make it better are highly appreciated).

      Anyway, when I performed steps I have put into my tutorial, everything works like a charm, but… As soon as VPN tunnel is established, all traffic is routed through it. Why? I expected to see only some traffic (let's say from one dedicated IP on my LAN) would be sent through VPN tunnel. Why pfsense route all traffic through VPN by default? Is there a way to change this behavior?
      At the moment I am forced to deactivate tunnel if I do not need to use it. I would rather prefer to keep it opened all the time, and only change my local IP if I need to go through tunnel.

      I hope this make sense and you can help me.

      A.

      D 1 Reply Last reply Reply Quote 0
      • P
        phil.davis last edited by

        The setup procedure looks good. I guess that the KISS VPN server pushes a "redirect-gateway def1" to the client. That would cause pfSense to effectively switch its default route to the KISS VPN. After that all your internet traffic from all LAN systems goes over KISS VPN. Look at Diagnostics->Routes - it will probably have something like a route to "0.0.0.0" via the KISS tunnel link.
        You should be able to override that by adding "policy-routing" rules on LAN that select particular traffic, and in the advanced rule sections, Gateway, pick a gateway to send that traffic over. This lets you pick what IPs/ports/whatever you want to route via which internet connection.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • P
          phil.davis last edited by

          And I see that you have also seen this post: http://forum.pfsense.org/index.php/topic,64480.0.html
          So, you can use route-nopull to stop the default behaviour, then add policy-routing rules on LAN do direct traffic you select into the KISS VPN.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          1 Reply Last reply Reply Quote 0
          • D
            datzhim @abadonna last edited by

            @abadonna your link is down can you send me your tutorial. I'm trying to setup Secuirtykiss

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy