Netgate Discussion Forum
    Default route through an OpenVPN tunnel for a VLAN interface

    Routing and Multi WAN
      risotto

      I've set up an OpenVPN tunnel between two sites and both sites A & B can access each other's local subnets just fine. Site B has an interface configured to a particular VLAN and I was hoping to route all the traffic from that interface through the OpenVPN tunnel and use site A's default GW as an edge to the public internet.

      Now, I know I cannot configure a default gateway on site B's VLAN interface that points to site A, since there is no IP on site B that can be routed to locally.

      My goal really is just to have the local LAN interface continue to route through site B's WAN interface, while the VLAN interface would route all traffic through site A's WAN interface.

      Is there a way to configure this? I don't want to set "redirect-gateway def1;" on the OpenVPN connection, as that redirects all traffic from all interfaces to site A's WAN.

      Any suggestions/thoughts?

        risotto

        Adding a self-reply, as I have found a way to do this:

        1. Create a new interface mapping to the OpenVPN connection.
        2. Assign the interface endpoint IP to the new interface as its IP address. The endpoint IP is taken from the "Tunnel network" in the OpenVPN connection settings.
        3. Create a gateway to the interface of the endpoint IP.
        4. Create policy based routing by adding a rule to the VLAN interface, routing through the newly created gateway in 3.
        5. Ensure there is an outbound NAT mapping for the subnet of site B on site A.

        If there are any issues with this or if there is a better way to do this, please let me know.

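A way to confirm steps 4 and 5 of the procedure above from the loaded rulesets, as an added example that is not part of the original posts. The rule text is a constructed sample in the style of `pfctl -sr` / `pfctl -sn` output, and the interface names, subnets and addresses are assumptions.

```python
import ipaddress
import re

# Constructed samples in the style of `pfctl -sr` (site B) and `pfctl -sn`
# (site A). Interface names, subnets and addresses are assumptions.
SITE_B_RULES = """\
pass in quick on igb1 inet from 192.168.1.0/24 to any flags S/SA keep state
pass in quick on igb1.20 route-to (ovpnc1 10.0.8.1) inet from 192.168.20.0/24 to any flags S/SA keep state
"""
SITE_A_NAT = """\
nat on igb0 inet from 192.168.10.0/24 to any -> 203.0.113.5 port 1024:65535
nat on igb0 inet from 192.168.20.0/24 to any -> 203.0.113.5 port 1024:65535
"""

RULE_RE = re.compile(r"^pass in .*?on (\S+)(?: route-to \((\S+) (\S+)\))? inet from (\S+) to ")
NAT_RE = re.compile(r"^nat on (\S+) inet from (\S+) to any -> ")

def policy_routes(rules_text):
    """Ingress interface -> route-to interface (None = normal routing table)."""
    routes = {}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if m:
            routes.setdefault(m.group(1), m.group(2))  # first rule per interface
    return routes

def nat_covers(nat_text, wan_if, subnet):
    """True if an outbound NAT rule on wan_if has a source containing subnet."""
    net = ipaddress.ip_network(subnet)
    for line in nat_text.splitlines():
        m = NAT_RE.match(line)
        if m and m.group(1) == wan_if:
            try:
                if net.subnet_of(ipaddress.ip_network(m.group(2))):
                    return True
            except ValueError:  # source is "any", a table or an alias
                continue
    return False

def audit(rules_text, nat_text, vlan_if, lan_if, vpn_if, wan_if, vlan_net):
    """Return a list of findings; an empty list means both steps are in place."""
    routes, findings = policy_routes(rules_text), []
    if routes.get(vlan_if) != vpn_if:
        findings.append(f"{vlan_if}: no policy route via {vpn_if} (step 4)")
    if routes.get(lan_if) is not None:
        findings.append(f"{lan_if}: policy-routed via {routes[lan_if]}, expected local WAN")
    if not nat_covers(nat_text, wan_if, vlan_net):
        findings.append(f"site A: no outbound NAT for {vlan_net} on {wan_if} (step 5)")
    return findings
```

The LAN check guards against the outcome the question wanted to avoid, where every interface ends up routed through site A.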
          phil.davis

          Yes, that should work. But I don't think you need steps 2 and 3. After Interfaces->Assign to assign an OPTn to the OpenVPN, then Interfaces->OPTn enable, you leave the IPv4 (and IPv6) set to "none". pfSense and OpenVPN sort it out underneath and a gateway pointing at the other end of the tunnel should automagically appear.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.