All traffic from separate interface, via OpenVPN client.
-
Hello!
I have a subscription to a VPN service.
I got the VPN working perfectly and all good, but what I want to do is:
Only have a separate network interface where all traffic goes through the VPN. So the other interfaces will route normally via the WAN interface.
[2.1-RELEASE][root@pfsense.lan]/var/etc/openvpn(32): cat client1.conf
dev ovpnc1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher BF-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
tls-client
client
lport 0
management /var/etc/openvpn/client1.sock unix
remote sweden.privateinternetaccess.com 1194
ca /var/etc/openvpn/client1.ca
cert /var/etc/openvpn/client1.cert
key /var/etc/openvpn/client1.key
comp-lzo
resolv-retry infinite
auth-user-pass /etc/openvpn-password.txt
comp-lzo
ca /etc/ca.crt
TL;DR: Want to route all traffic from a second LAN interface through the VPN.
-
I just commented about this here: https://forum.pfsense.org/index.php?topic=74298.msg406220#msg406220
Hopefully that will get you going.
-
This still won't work. I did just as you described in the thread, but the separate interface still won't go on the internet via the VPN. Nothing will go out on that interface if the OpenVPN client is running.
-
http://imgur.com/a/0GmX9
-
Manual Outbound NAT needs a rule on interface VPN. Outbound NAT is applied on the way out, the rules go on the interface/s where the traffic exits.
Also, the Outbound NAT rule on TESLAN is not needed - it won't break anything, but it will never match anything.
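-
Added example (not part of any post in this thread, and not pfSense's own generated ruleset): the rule placement described in the last reply, written in plain pf.conf syntax. The device name em2, the subnet 192.168.20.0/24 and the gateway 10.0.0.1 are constructed placeholders; ovpnc1 is the tunnel device from the posted client1.conf.

```pf
# Constructed placeholders: em2, 192.168.20.0/24 and 10.0.0.1 are assumptions.
teslan_if  = "em2"              # device behind the TESLAN interface (assumed)
teslan_net = "192.168.20.0/24"  # TESLAN subnet (assumed)
vpn_if     = "ovpnc1"           # tunnel device from the posted client1.conf
vpn_gw     = "10.0.0.1"         # far end of the tunnel (assumed)

# Outbound NAT is applied on the interface the packet leaves through.
# TESLAN traffic that is policy-routed into the tunnel leaves on ovpnc1,
# so the translation rule is bound to ovpnc1:
nat on $vpn_if from $teslan_net to any -> ($vpn_if)

# The same rule bound to TESLAN never matches anything: packets from that
# subnet arrive on em2, they do not exit there.
# nat on $teslan_if from $teslan_net to any -> ($teslan_if)

# Policy route: send everything entering from TESLAN to the VPN gateway
# instead of the default (WAN) route. Other interfaces keep using WAN.
pass in quick on $teslan_if route-to ($vpn_if $vpn_gw) from $teslan_net to any keep state
```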