Default route through an OpenVPN tunnel for a VLAN interface

  • I've set up an OpenVPN tunnel between two sites and both sites A & B can access each other's local subnets just fine. Site B has an interface configured to a particular VLAN and I was hoping to route all the traffic from that interface through the OpenVPN tunnel and use site A's default GW as an edge to the public internet.

    Now, I know I cannot configure a default gateway on site B's VLAN interface that points to site A, since there is no IP on site B that can be routed to locally.

    My goal really is just to have the local LAN interface continue to route through site B's WAN interface, while the VLAN interface would route all traffic through site A's WAN interface.

    Is there a way to configure this? I don't want to set "redirect-gateway def1;" on the OpenVPN connection, as that redirects all traffic from all interfaces to site A's WAN.

    Any suggestions/thoughts?

  • Adding a self-reply, as I have found a way to do this:

    1. Create a new interface mapping to the openvpn connection.
    2. Assign the interface endpoint IP to the new interface as its IP address. The endpoint IP is taken from the "Tunnel network" in the OpenVPN connection settings.
    3. Create a gateway to the interface of the endpoint IP
    4. Create policy based routing by adding a rule to the VLAN interface, routing through the newly created gateway in 3.
    5. Ensure there is an outbound NAT mapping for the subnet of site B on site A.

    If there are any issues with this or if there is a better way to do this, please let me know.
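
The self-reply's steps 3 to 5 are pfSense GUI steps, so the routing logic stays hidden. Below is an added example, not from the post and not pfSense code, that expresses the same design with Linux iproute2 and iptables: a dedicated routing table whose default route points at the tunnel peer, a policy rule that sends only packets arriving on the VLAN interface to that table, and outbound NAT for the VLAN subnet on site A's WAN. Every interface name, subnet, tunnel address and table number is an assumption; by default the script only prints the commands (DRY_RUN=1), and DRY_RUN=0 applies them as root.

```shell
#!/bin/sh
# Added example (not from the post, not pfSense code): Linux equivalent of the
# self-reply's steps 3-5. All names and addresses below are assumed.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it (needs root).

VLAN_IF="${VLAN_IF:-eth0.20}"               # site B VLAN interface (assumed)
VLAN_NET="${VLAN_NET:-10.20.0.0/24}"        # subnet behind the VLAN (assumed)
LAN_IF="${LAN_IF:-eth1}"                    # site B LAN interface (assumed)
LAN_NET="${LAN_NET:-192.168.1.0/24}"        # site B LAN; keeps default via site B WAN
SITE_A_NET="${SITE_A_NET:-192.168.2.0/24}"  # site A LAN (assumed)
TUN_IF="${TUN_IF:-tun0}"                    # OpenVPN interface, same name both ends (assumed)
TUN_PEER="${TUN_PEER:-10.8.0.1}"            # site A's address inside the tunnel network (assumed)
SITE_A_WAN="${SITE_A_WAN:-eth0}"            # site A WAN interface (assumed)
TABLE_ID="${TABLE_ID:-100}"                 # dedicated routing table for VLAN traffic
DRY_RUN="${DRY_RUN:-1}"

# Print the command, and run it only when DRY_RUN=0.
run() {
  echo "+ $*"
  [ "$DRY_RUN" = "0" ] && "$@"
  return 0
}

# Site B, steps 3 and 4: a gateway through the tunnel that only the VLAN uses.
site_b_policy_route() {
  # Step 3: the "gateway" is a default route in its own table, not in main,
  # so the LAN's normal default route via site B's WAN is untouched.
  run ip route replace default via "$TUN_PEER" dev "$TUN_IF" table "$TABLE_ID"
  # Step 4: packets entering on the VLAN interface consult that table...
  run ip rule add iif "$VLAN_IF" lookup "$TABLE_ID" priority 100
  # ...except traffic for site B's LAN and site A's LAN, which must keep using
  # the main table (lower priority number is evaluated first).
  run ip rule add iif "$VLAN_IF" to "$LAN_NET" lookup main priority 90
  run ip rule add iif "$VLAN_IF" to "$SITE_A_NET" lookup main priority 90
}

# Site A, step 5: masquerade the VLAN subnet out of site A's WAN and permit
# forwarding between the tunnel and the WAN for that subnet only.
site_a_outbound_nat() {
  run sysctl -w net.ipv4.ip_forward=1
  run iptables -t nat -A POSTROUTING -s "$VLAN_NET" -o "$SITE_A_WAN" -j MASQUERADE
  run iptables -A FORWARD -i "$TUN_IF" -s "$VLAN_NET" -o "$SITE_A_WAN" -j ACCEPT
  run iptables -A FORWARD -i "$SITE_A_WAN" -o "$TUN_IF" -d "$VLAN_NET" \
      -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Check on site B after applying: a lookup for an Internet address arriving on
# the VLAN must pick the tunnel; the same lookup for the LAN must pick the WAN.
site_b_verify() {
  run ip route get 1.1.1.1 iif "$VLAN_IF"
  run ip route get 1.1.1.1 iif "$LAN_IF"
}

site_b_policy_route
site_a_outbound_nat
site_b_verify
```

Two caveats a practitioner would check: site A's OpenVPN instance must already know the VLAN subnet (a route/iroute for it, or "Remote Networks" in pfSense), exactly as it does for the LAN subnets the post says are already reachable; and the policy rule is keyed on the ingress interface, so hosts on site B's LAN are unaffected even though the tunnel route exists in a table they never consult.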

  • Yes, that should work. But I don't think you need steps 2 and 3. After Interfaces->Assign to assign an OPTn to the OpenVPN, then Interfaces->OPTn enable, you leave the IPv4 (and IPv6) set to "none". pfSense and OpenVPN sort it out underneath and a gateway pointing at the other end of the tunnel should automagically appear.

