All traffic from separate interface, via OpenVPN client.

  • Hello!
    I have a subscription of a VPN service.
    I got the VPN working perfectly and all good, but what I want to do is:
    Only have a separate network interface where all traffic goes thru the VPN. So the other interfaces will route normally via the WAN interface.

    [2.1-RELEASE][root@pfsense.lan]/var/etc/openvpn(32): cat client1.conf
    dev ovpnc1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/
    #user nobody
    #group nobody
    script-security 3
    keepalive 10 60
    proto udp
    cipher BF-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    lport 0
    management /var/etc/openvpn/client1.sock unix
    remote 1194
    ca /var/etc/openvpn/
    cert /var/etc/openvpn/client1.cert
    key /var/etc/openvpn/client1.key
    resolv-retry infinite
    auth-user-pass /etc/openvpn-password.txt
    ca /etc/ca.crt

    TL;DR: Want to route all traffic from a second LAN interface thru the VPN.

  • I just commented about this here:
    Hopefully that will get you going.

  • This still won't work. I did just as you described in the thread, but the separate interface still won't go on the internet via the VPN. Nothing will go out on that interface if the OpenVPN client is running.

  • Manual Outbound NAT needs a rule on interface VPN. Outbound NAT is applied on the way out, the rules go on the interface/s where the traffic exits.
    Also, the Outbound NAT rule on TESLAN is not needed - it won't break anything, but it will never match anything.
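
The last reply, written out as the kind of pf rules that sit underneath the pfSense GUI. This is an added example, not a post from the thread and not pfSense's generated ruleset. ovpnc1 is the device from the posted client1.conf; the NIC name, subnet and tunnel gateway address are constructed placeholders, and the route-to rule is an assumption about how TESLAN traffic is steered into the tunnel.

```pf
# Constructed placeholder values (not from the thread): em2, 192.168.2.0/24, 10.8.0.5
vpn_if     = "ovpnc1"          # OpenVPN client device, from client1.conf
teslan_if  = "em2"             # assumed NIC behind the TESLAN interface
teslan_net = "192.168.2.0/24"  # assumed TESLAN subnet
vpn_gw     = "10.8.0.5"        # assumed gateway address inside the tunnel

# Outbound NAT is evaluated on the interface the packet leaves through,
# so the translation rule names the VPN interface, not TESLAN.
nat on $vpn_if inet from $teslan_net to any -> ($vpn_if)

# The same rule written on TESLAN never matches: internet-bound traffic
# from TESLAN enters on em2 and does not exit through it. Harmless, unused.
# nat on $teslan_if inet from $teslan_net to any -> ($teslan_if)

# Assumed policy route: send everything arriving from TESLAN to the tunnel
# gateway. Other interfaces have no such rule and keep using the WAN default.
pass in quick on $teslan_if route-to ($vpn_if $vpn_gw) inet from $teslan_net to any keep state
```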
