Traffic will not route through VPN [Solved]



  • Hello, I have tried 4-5 tutorials and created about 30 different firewall rules (1 at a time), but nothing seems to work. I have a steady connection through OpenVPN and I am even able to see the correct virtual/private IP and remote IP on the VPN interface.

    However, no matter what rules I create, my internet will either completely stop working or will completely ignore the VPN gateway.

    I have even tried changing rules one at a time, then rebooting, but no luck at all. Some guidance will be greatly appreciated. I currently have the following rules:

    VPNinterface:

    IPv4 * * * * * * none

    LAN:

    IPv4 * LAN net * * * * none

    IPv6 * LAN net * * * * none

    IPv4 * * * * * SVPNINTERFACE_VPNV4 none

    NAT is set to Manual



  • We need more info.

    Post network map.

    What are you doing with your VPN and what are your intentions for routing traffic: Road Warrior, Site-to-Site, or trying to use a VPN service as your WAN? Split Tunnel or Full Tunnel?

    Also, firewall rules are parsed top down, so as currently configured, your traffic is being routed through your default gateway. That last rule routing traffic through "SVPNINTERFACE_VPNV4" is essentially being ignored because all your traffic is hitting that first rule.

    You would need to move that last rule up to the top if your intention is to route all traffic through "SVPNINTERFACE_VPNV4".
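
The top-down, first-match evaluation described in the reply above, shown as an added example that is not part of the original thread and is not pfSense code: a small Python model of the LAN rule list as first posted and after moving the gateway rule to the top. The LAN subnets and client addresses are constructed assumptions; the gateway name is the one from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed LAN subnets (constructed; the thread never states them).
LAN_NETS = (ip_network("192.168.1.0/24"), ip_network("fd00:1::/64"))

@dataclass(frozen=True)
class Rule:
    family: int   # 4 or 6
    source: str   # "LAN net" or "*"
    gateway: str  # "*" means the system default gateway

    def matches(self, src):
        if src.version != self.family:
            return False
        return self.source == "*" or any(src in net for net in LAN_NETS)

def first_match(rules, src_ip):
    """Return (position, rule) of the first matching rule, evaluated top down."""
    src = ip_address(src_ip)
    for pos, rule in enumerate(rules, start=1):
        if rule.matches(src):
            return pos, rule
    return None, None  # nothing matched: traffic falls to the default deny

def never_hit(rules, sample_sources):
    """Positions of rules that none of the sample packets ever reaches."""
    hit = {first_match(rules, s)[0] for s in sample_sources}
    return [p for p in range(1, len(rules) + 1) if p not in hit]

VPN_GW = "SVPNINTERFACE_VPNV4"  # gateway name as written in the thread
AS_POSTED = [Rule(4, "LAN net", "*"), Rule(6, "LAN net", "*"), Rule(4, "*", VPN_GW)]
REORDERED = [AS_POSTED[2], AS_POSTED[0], AS_POSTED[1]]
CLIENTS = ["192.168.1.50", "192.168.1.77", "fd00:1::50"]  # constructed LAN hosts

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        pos, rule = first_match(rules, CLIENTS[0])
        print(f"{name}: rule {pos} wins, gateway={rule.gateway}, "
              f"never hit={never_hit(rules, CLIENTS)}")
```

With the posted order, the IPv4 client matches rule 1 and leaves through the default gateway while the VPN rule is never reached; after reordering, the VPN rule wins and the plain IPv4 LAN rule becomes the shadowed one.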



  • I have already tried that previously, but that did not work either. I also notice the HAVP antivirus has stopped working, even though it shows as running. I just cannot get that to work; there are no errors in the logs for either the VPN or this package.

    I am just connecting to a VPN server for secure tunneling. In order to understand the network setup better, I will ask:

    - Do I HAVE to assign opvpnc1 to a new interface, or can I just set up rules in OpenVPN?

    - Does all LAN traffic pass through OpenVPN by default?

    - If I don't assign the OpenVPN connection to a network interface, I cannot choose the OpenVPN gateway for the LAN rule I create. Is there a way to simplify the setup and create a rule that will pass connections to OpenVPN without creating a virtual interface?

    In the meantime, I'm going to format my drive and reconfigure everything based on your suggestion. Some information on the above concerns will help me try some rules in the meantime.

    I will post my results after reconfiguring.

    Thank you.

    P.S. My main goal is to route traffic based on requests for specific domain/IP/CIDR, but I want to get the simple task of routing all traffic through the VPN working first. I have this perfectly set up (selective VPN) on my Tomato router, but I am hoping that by using better hardware with pfSense, I am able to get speeds similar to the OpenVPN client in Windows. Also, based on my elementary understanding: using aliases with pfSense, I do not need to define all IPs associated with the domain(s) I want to route; by defining the domain, pfSense will auto-resolve to IPs, which is another benefit (it seems).



  • So I created a new rule at the top; my connection status image is attached.

    Rules are:

    LAN
    IPv4 * LAN net * * * OpenVPNinterface_VPNV4
    IPv4 * LAN net * * * * none

    OpenVPNinterface
    IPv4 * * * * * * none

    OpenVPN
    IPv4 * * * * * * none

    This results in some very unexpected behavior, i.e. I can only reach a handful of websites and a lot of domains become unreachable. My IP is identified as the ISP IP and not the VPN.

    **Update:** I got the traffic to route through the VPN somewhat. By adding redirect-gateway def1, I get the correct remote IP, but I have the same problems mentioned earlier: I can ONLY reach a handful of websites.

    **Update 2:** OK, now it WORKS!! And I am even able to selectively route traffic for specific domains/IPs that I define. I have no idea why it works now; all I know is I'm backing this shiz up. Is there an easy way to back up the whole image of the OS and not just the configuration?

    If someone is pulling their hair out with VPN setup on this great software, my recommendation is to make changes 1 at a time, then reboot and test.

    **Update 3:** The routing problems were caused by HAVP antivirus, specifically Transparent proxy.

    ![Connection Status.jpg](/public/imported_attachments/1/Connection Status.jpg)
    ![Gateway connection.jpg](/public/imported_attachments/1/Gateway connection.jpg)

