Netgate Discussion Forum
    Default Gateway changes to OpenVPN

    OpenVPN
      DWAyotte

      Hi there. I have more or less followed the directions here: https://forum.pfsense.org/index.php/topic,29944.0.html to connect to a VPN service.
      One difference is that I didn't create my rules in the LAN section of the rules, but in the floating tab instead (LAN did not seem to be taking effect at all). I also checked the quick option for the floating rule. I set the source for the rule to an alias so I can easily add and remove hosts to and from the alias and not have to fool around with rules every time.
      Now, the strange thing that I am seeing is that when I connect the OpenVPN client I can go to Diagnostics > Routes and see that the default route changes to the OpenVPN interface address.
      This shouldn't be happening and I can't see what I have done to make it happen. I don't have my OVPN GW set to default.
      I have rebooted pfSense, but no difference.
      What happens when I connect, as you may have deduced by now, is that I get no connectivity beyond pfSense. This is to say that neither hosts in the alias nor hosts outside it can connect to the internet. I am a bit stumped at this point.
      I am running 2.1.1-RELEASE (amd64).

        casoah

        Put "route-nopull" (no quotes) at the end of the advanced client section.

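The reply above fixes the symptom in the first post, where the default route moved onto the tunnel, but does not say why. The script below is an added example (not code from the thread, from OpenVPN or from pfSense) that models what an OpenVPN client does with a server's PUSH_REPLY with and without route-nopull. The PUSH_REPLY text, the tunnel gateway 10.10.10.193 and the WAN gateway 203.0.113.1 are constructed for the illustration, and the filter is a simplified model of the directive's documented behaviour: pushed routes (including redirect-gateway) and dhcp-option lines are dropped, everything else is still applied. One practical consequence the model makes visible: with route-nopull the pushed DNS server is ignored as well, so DNS for the policy-routed hosts has to be arranged separately.

```python
"""Model of how an OpenVPN client handles a PUSH_REPLY with and without
route-nopull.  Added example, not code from the thread or from OpenVPN/pfSense.
The PUSH_REPLY text and all addresses are constructed for illustration."""

# Constructed sample: what a provider's server might push to the client.
# The ifconfig pair matches the tunnel address seen later in the thread's state table.
SAMPLE_PUSH_REPLY = (
    "PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.10.1,"
    "route 10.10.10.0 255.255.255.0,ifconfig 10.10.10.194 10.10.10.193"
)

# Option families that route-nopull tells the client to ignore.  Simplified model
# of the documented behaviour: pushed routes and DHCP options are dropped,
# everything else (such as ifconfig) is still applied.
ROUTE_OPTS = {"route", "route-ipv6", "redirect-gateway", "redirect-private"}
DHCP_OPTS = {"dhcp-option"}


def parse_push_reply(msg):
    """Split 'PUSH_REPLY,opt a b,opt c' into [['opt', 'a', 'b'], ['opt', 'c']]."""
    body = msg[len("PUSH_REPLY,"):] if msg.startswith("PUSH_REPLY,") else msg
    return [opt.split() for opt in body.split(",") if opt.strip()]


def apply_pull_filter(pushed, client_opts):
    """Return (accepted, ignored) pushed options for a client whose own
    configuration contains the directive names listed in client_opts."""
    route_nopull = "route-nopull" in client_opts
    accepted, ignored = [], []
    for opt in pushed:
        if route_nopull and opt[0] in ROUTE_OPTS | DHCP_OPTS:
            ignored.append(opt)
        else:
            accepted.append(opt)
    return accepted, ignored


def resulting_routes(accepted, vpn_gw, current_default):
    """Model the routing-table effect of the accepted options.

    - 'redirect-gateway' alone replaces the default route with vpn_gw;
    - 'redirect-gateway def1' leaves 0.0.0.0/0 alone and adds 0.0.0.0/1 and
      128.0.0.0/1 via vpn_gw, which win by longest-prefix match;
    - 'route net mask [gw]' adds a specific route (gateway defaults to vpn_gateway).
    Real OpenVPN also adds a host route to the VPN server via the original
    gateway so the tunnel's own packets are not routed into the tunnel; that
    detail is left out of this model.
    """
    routes = {"0.0.0.0/0": current_default}
    for opt in accepted:
        name, args = opt[0], opt[1:]
        if name == "redirect-gateway":
            if "def1" in args:
                routes["0.0.0.0/1"] = vpn_gw
                routes["128.0.0.0/1"] = vpn_gw
            else:
                routes["0.0.0.0/0"] = vpn_gw
        elif name == "route" and len(args) >= 2:
            gw = args[2] if len(args) > 2 else "vpn_gateway"
            gw = {"vpn_gateway": vpn_gw, "net_gateway": current_default}.get(gw, gw)
            routes[f"{args[0]}/{args[1]}"] = gw
    return routes


def effective_default_gateway(routes):
    """Which gateway carries 'everything else' once the routes are in place."""
    if routes.get("0.0.0.0/1") and routes.get("128.0.0.0/1"):
        return routes["0.0.0.0/1"]  # the two /1 routes shadow 0.0.0.0/0
    return routes["0.0.0.0/0"]


def simulate(client_opts, push_reply=SAMPLE_PUSH_REPLY,
             vpn_gw="10.10.10.193", wan_gw="203.0.113.1"):
    """Run the pull filter and route model for one client configuration."""
    accepted, ignored = apply_pull_filter(parse_push_reply(push_reply), client_opts)
    routes = resulting_routes(accepted, vpn_gw, wan_gw)
    return {"accepted": accepted, "ignored": ignored,
            "routes": routes, "default_gw": effective_default_gateway(routes)}


if __name__ == "__main__":
    for opts in (["client"], ["client", "route-nopull"]):
        r = simulate(opts)
        print(" ".join(opts), "-> default gateway", r["default_gw"],
              "| ignored:", [o[0] for o in r["ignored"]])
```

Running it prints the tunnel gateway as the effective default for a plain client and the WAN gateway once route-nopull is present; the policy-routing rules on the firewall then decide which hosts use the tunnel, which is what the original poster wanted.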
          DWAyotte

          Thanks for the tip on the command. That gets me one step closer. Now I can hit the internet with my hosts that aren't defined in my floating rule, but the floating rule hosts still can't get anywhere.

            phil.davis

            Not sure about floating rules and the order everything is applied in, but it works fine putting the rules on LAN. Put the special rules first (to direct particular traffic to the OpenVPN gateway or to the WAN gateway). Then have the general pass-all rule at the end; that will match anything else.

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

              DWAyotte

              I moved the rule over to LAN, as suggested, but no change. I moved to manual NAT and added an entry for my VPN traffic and moved it to the top of the list, but still nothing. Here is what a state currently looks like.

              udp 8.8.8.8:53 <- 10.0.0.2:51979 NO_TRAFFIC:SINGLE
              udp 10.0.0.2:51979 -> 10.10.10.194:48963 -> 8.8.8.8:53 SINGLE:NO_TRAFFIC

              Every VPNbound state looks like this.

                DWAyotte

                I figured it out! So it looks like I do need to have that manual outbound NAT after all, it's just a bummer that I can't use aliases for that either. So I looked in my openvpn logs and saw there were a bunch of encryption/decryption errors. So I changed my cipher from AES-256 to BF and now I am up and running! Now to test for any leaking. Thanks for all the help guys, you were all very helpful and friendly.

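The last post ends with "test for any leaking". The script below is an added example (not code from the thread or from pfSense) that reads state lines in the format quoted earlier in the thread (Diagnostics > States, or pfctl -ss with its leading interface column) and, given the hosts in the policy-routing alias, the tunnel address and the WAN address, reports per source host how many states left through the VPN, how many left through the WAN (a leak for an alias host), and how many VPN states show NO_TRAFFIC on the far side, the black-hole pattern from the state dump above. The first two sample lines are the ones quoted in the thread; the remaining lines, the alias membership, the tunnel address 10.10.10.194 and the WAN address 203.0.113.10 are constructed. One caveat on the fix itself: the client's cipher has to match the server's, and BF-CBC is a 64-bit-block cipher that OpenVPN has since deprecated, so the cipher change is better read as a diagnosis of a mismatch than as a setting to copy.

```python
"""Leak and black-hole check over a pfSense state table.  Added example, not
code from the thread or from pfSense.  The state lines are constructed: the
first two are the ones quoted in the thread, the rest are invented to show an
alias host escaping via the WAN and a host that is not policy-routed at all."""

from typing import NamedTuple, Optional

SAMPLE_STATES = """\
udp 8.8.8.8:53 <- 10.0.0.2:51979 NO_TRAFFIC:SINGLE
udp 10.0.0.2:51979 -> 10.10.10.194:48963 -> 8.8.8.8:53 SINGLE:NO_TRAFFIC
tcp 10.0.0.2:50112 -> 203.0.113.10:61044 -> 93.184.216.34:443 ESTABLISHED:ESTABLISHED
tcp 10.0.0.7:41002 -> 203.0.113.10:61045 -> 93.184.216.34:443 ESTABLISHED:ESTABLISHED
udp 10.0.0.2:51980 -> 10.10.10.194:48964 -> 8.8.8.8:53 MULTIPLE:MULTIPLE
"""


class State(NamedTuple):
    proto: str
    src: str                # original (pre-NAT) source host
    nat_src: Optional[str]  # translated source host; None when the line shows no NAT hop
    dst: str
    near_state: str         # pf state of the source side
    far_state: str          # pf state of the destination side


def _host(endpoint):
    # IPv4 "addr:port" only; IPv6 endpoints are printed differently and are out of scope here.
    return endpoint.rsplit(":", 1)[0]


def parse_state(line):
    """Parse one line of Diagnostics > States (or pfctl -ss, which prefixes the interface).

    Lines read 'src -> [nat_src ->] dst' or, seen from the other interface,
    'dst <- [nat <-] src'; the trailing 'A:B' flags follow the same left-to-right
    orientation, so both forms are normalised to source-first order.
    """
    parts = line.split()
    if len(parts) < 4:
        return None
    endpoints = [p for p in parts[:-1] if ":" in p]
    arrows = [p for p in parts[:-1] if p in ("->", "<-")]
    flags = parts[-1].split(":")
    if len(endpoints) < 2 or not arrows or len(flags) != 2:
        return None
    proto = parts[parts.index(endpoints[0]) - 1]   # token just before the first endpoint
    if arrows[0] == "<-":
        endpoints.reverse()
        flags.reverse()
    nat_src = endpoints[1] if len(endpoints) == 3 else None
    return State(proto, _host(endpoints[0]), _host(nat_src) if nat_src else None,
                 _host(endpoints[-1]), flags[0], flags[1])


def parse_states(text):
    return [s for s in (parse_state(l) for l in text.splitlines()) if s]


def audit(states, policy_hosts, vpn_addrs, wan_addrs):
    """Per source host: states out via the VPN, out via the WAN, VPN states with
    no reply traffic, and whether a policy-routed host leaked via the WAN.
    Only states carrying a NAT hop are counted; the LAN-side twin of each egress
    state shows no translation and would double-count."""
    report = {}
    for st in states:
        if st.nat_src is None:
            continue
        h = report.setdefault(st.src, {"via_vpn": 0, "via_wan": 0,
                                       "blackholed": 0, "leak": False})
        if st.nat_src in vpn_addrs:
            h["via_vpn"] += 1
            if st.far_state == "NO_TRAFFIC":   # sent into the tunnel, nothing came back
                h["blackholed"] += 1
        elif st.nat_src in wan_addrs:
            h["via_wan"] += 1
            if st.src in policy_hosts:         # alias host bypassed the VPN gateway
                h["leak"] = True
    return report


def leaking_hosts(report):
    return sorted(h for h, r in report.items() if r["leak"])


if __name__ == "__main__":
    rep = audit(parse_states(SAMPLE_STATES),
                policy_hosts={"10.0.0.2"}, vpn_addrs={"10.10.10.194"},
                wan_addrs={"203.0.113.10"})
    for host, r in sorted(rep.items()):
        print(host, r)
    print("leaking:", leaking_hosts(rep))
```

A state table where every VPN-bound entry counts as blackholed, as in the dump above, points at the tunnel itself (here the cipher mismatch visible in the OpenVPN log) rather than at the firewall rules; a non-zero via_wan for an alias host points at rule order or missing outbound NAT on the tunnel interface.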
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.