Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [SOLVED] How to force all client generated traffic through the tunnel?

    Scheduled Pinned Locked Moved OpenVPN
    10 Posts 5 Posters 14.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      archedraft
      last edited by

      I have setup my pfsense 2.1-RC1 home network openvpn server by watching this youtube video http://www.youtube.com/watch?v=VdAHVSTl1ys

      I then connect to it using my iphone. Everything works fine however I would like all the data to be forced through to my home network. If I click the Redirect Gateway button my iphone will connect to the server but will not send data. What other changes need to be made when selecting the redirect gateway option?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        That checkbox is enough, but make sure you also send the client a DNS server it can reach over the tunnel

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • A
          archedraft
          last edited by

          hmm OK here is what I did and it didn't work.

          1. I selected redirect gateway.
          2. The "IPv4 Local Network/s" field went away.
          3. "IPv4 Tunnel Network" is set to 192.168.26.0/24. (Does it need to be set to my lan network 192.168.25.0/24?)
          4. Then I went to DNS Servers and clicked "Provide a DNS server list to clients" I tried both 8.8.8.8 and 192.168.25.1 as the DNS servers and both times the data would not send on my iPhone. (Am I doing this step correctly?)

          5. I tried that both times without and luck (Any suggestions?) (Also, would I have to export a new client ,ovpn each time I change the settings?)
          6. Do I need to change and settings in the firewall to allow the connection? I just used the VPN Wizard to setup the rules the first time.

          Thank you in advance for your help!

          1 Reply Last reply Reply Quote 0
          • A
            archedraft
            last edited by

            I figured it out!

            I didn't have the firewall rules setup properly.

            Thank you Jimp for your help!

            1 Reply Last reply Reply Quote 0
            • R
              richardkingsley
              last edited by

              Hi,

              Can you post your firewall rules for the tunnel please for other people with same problem

              Thanks
              Richard

              1 Reply Last reply Reply Quote 0
              • A
                archedraft
                last edited by

                Sure!

                Go to Firewall -> NAT -> Outbound

                What I did was delete all the rules, then i selected "Automatic outbound NAT rule generation (IPsec passthrough included)" and clicked save and then i selected "Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)" and clicked save. This automatically added all the rules that I needed.

                If you want to manually add a new rule i think you need one that has the following options
                Interface: WAN
                Source: (your VPN Tunnel network ex. 10.0.10.0/24)
                Source Port: Any
                Destination Port: Any
                NAT Address: WAN address
                NAT Port: Any
                Static Port: NO

                1 Reply Last reply Reply Quote 0
                • R
                  richardkingsley
                  last edited by

                  Thanks for posting your solution. Didn't work for me, but have an open vpn client connection to strongvpn, which is confusing matters. Going to simplify my settings and try again

                  Thanks

                  Richard

                  1 Reply Last reply Reply Quote 0
                  • P
                    phil.davis
                    last edited by

                    archedraft has described how to go back to using Automatic Outbound NAT, which is good. The last step about selecting Manual Outbound NAT is not necessary. Automatic Outbound NAT is doing its thing underneath anyway. Selecting Manual Outbound NAT again simply puts a copy of the unseen Automatic Outbound NAT rules in the manual list, and starts using them there. The trouble is that in future when yyou change other stuff, you are using Manual Outbound NAT - so new/changed things will not have NAT adjusted automatically.
                    pfSense Automatic Outbound NAT put NAT rules in place for packets coming in from remote clients to an OpenVPN server and heading out WAN(s). The sort of config described in this post should work out-of-the-box with Automatic Outbound NAT.

                    As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                    If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                    1 Reply Last reply Reply Quote 0
                    • A
                      archedraft
                      last edited by

                      @richardkingsley:

                      Thanks for posting your solution. Didn't work for me, but have an open vpn client connection to strongvpn, which is confusing matters. Going to simplify my settings and try again

                      Thanks

                      Richard

                      Richard,

                      My current setup is as follows: I have an open vpn client connection through Private Internet Access (all my data is being encrypted through PIA on my network). I have also, setup an OpenVPN server so that I can connect to my home network. Now that I have everything working, I can connect my iphone to my home network and the data is also being encrypted through PIA. It's pretty cool once it was all setup, but it did take awhile to figure it out and change the settings a bunch of times to get it working.

                      I followed this guide to get my PIA client setup:
                      http://www.komodosteve.com/archives/232

                      The I used this guide to get my server setup:
                      http://www.youtube.com/watch?v=VdAHVSTl1ys

                      Then to force all client generated traffic through the tunnel I did the following:
                      1. clicked "redirect Gateway"
                      2. Selected "Provide a DNA server list to clients"
                      3. I used the IP address to log into my pfsense box for server #1
                      4. Clicked save
                      5. Went to Firewall -> NAT -> Outbound

                      What I did was delete all the rules, then i selected "Automatic outbound NAT rule generation (IPsec passthrough included)" and clicked save and then i selected "Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)" and clicked save. This automatically added all the rules that I needed.

                      Hopefully that helps.

                      1 Reply Last reply Reply Quote 0
                      • K
                        kejianshi
                        last edited by

                        Probably the biggest obstacle I see to really simple VPN is that not all OSs honour "push" from openvpn.  When they don't, you need to enter the command on the client side rather than "pushing" to client from the server.  PITA.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.