All traffic from separate interface, via OpenVPN client.



  • Hello!
    I have a subscription to a VPN service.
    I got the VPN working perfectly and all good, but what I want to do is:
    Only have a separate network interface where all traffic goes through the VPN. So the other interfaces will route normally via the WAN interface.

    [2.1-RELEASE][root@pfsense.lan]/var/etc/openvpn(32): cat client1.conf
    dev ovpnc1
    dev-type tun
    tun-ipv6
    dev-node /dev/tun1
    writepid /var/run/openvpn_client1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher BF-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    tls-client
    client
    lport 0
    management /var/etc/openvpn/client1.sock unix
    remote sweden.privateinternetaccess.com 1194
    ca /var/etc/openvpn/client1.ca
    cert /var/etc/openvpn/client1.cert
    key /var/etc/openvpn/client1.key
    comp-lzo
    resolv-retry infinite
    auth-user-pass /etc/openvpn-password.txt
    comp-lzo
    ca /etc/ca.crt
    
    

    TL;DR: Want to route all traffic from a second LAN interface through the VPN.



  • I just commented about this here: https://forum.pfsense.org/index.php?topic=74298.msg406220#msg406220
    Hopefully that will get you going.



  • This still won't work. I did just as you described in the thread, but the separate interface still won't go on the internet via the VPN. Nothing will go out on that interface if the OpenVPN client is running.





  • Manual Outbound NAT needs a rule on interface VPN. Outbound NAT is applied on the way out, the rules go on the interface/s where the traffic exits.
    Also, the Outbound NAT rule on TESLAN is not needed - it won't break anything, but it will never match anything.
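
The point of the last reply, sketched in raw pf syntax as an added example (not posted by anyone in the thread, and not the rule set pfSense generates from the GUI). `ovpnc1` is the device name from the posted client1.conf; the TESLAN interface name, its subnet and the VPN gateway address are placeholders assumed for illustration.

```conf
# Added example. Placeholders: em2, 192.168.50.0/24 and 10.8.0.1 are assumed values.
teslan_if  = "em2"               # assumed name of the TESLAN interface
teslan_net = "192.168.50.0/24"   # assumed TESLAN subnet
vpn_if     = "ovpnc1"            # from "dev ovpnc1" in client1.conf
vpn_gw     = "10.8.0.1"          # assumed tunnel gateway address

# Never matches: packets from TESLAN hosts arrive on em2, they do not leave
# through it, and nat rules are evaluated on the interface the packet exits.
# nat on $teslan_if from $teslan_net to any -> ($teslan_if)

# Matches: the policy route below sends TESLAN traffic out through ovpnc1,
# so the translation has to sit on ovpnc1.
nat on $vpn_if from $teslan_net to any -> ($vpn_if)

# Policy route: traffic entering on TESLAN is forced to the VPN gateway.
# Other interfaces have no route-to rule and keep using the default WAN route.
pass in quick on $teslan_if route-to ($vpn_if $vpn_gw) from $teslan_net to any keep state
```

Without the `nat on $vpn_if` line, TESLAN packets enter the tunnel with their private source address, and the VPN provider has no route back to it.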

