Routing Issue: LAN Clients > Local pfSense > Proxy > Remote pfSense > Internet



  • Hi everyone :)

    I'm having an issue with traffic routing over OpenVPN when a proxy is used. Without the proxy, everything works perfectly. This guide was used to configure everything:
    https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_OpenVPN-connection_in_PfSense_2.1
    (AMAZING guide by the way, thank you!!!!)

    The layout without the proxy is as follows: LAN Clients > Local pfSense 2.1 (OpenVPN client) > Remote pfSense 2.1 (OpenVPN server) > Internet

    The problem comes in when I introduce a proxy in front of the local pfSense. Obviously, the OpenVPN client won’t connect until I modify the client configuration (within the pfSense GUI) to the correct proxy IP and port. No authentication is needed, so ‘none’ is selected there.

    After that change, the OpenVPN client will successfully connect to the OpenVPN server, but the local LAN clients can’t connect to the internet. However, they can successfully reach the remote LAN clients as well as ping the remote gateway.

    After hours of searching the forum and visiting the Google ‘oracle’ ;) I’ve finally given up and decided to reach out to the pfSense experts. Any ideas? Thank you in advance for your help!

    (For reference if needed)

    IP addressing:

    • 10.14.x.0/24 for the LAN clients

    • 10.14.x.1 for the local pfSense gateway

    • 10.14.z.0/24 for the remote pfSense LAN clients

    • 10.14.z.1 for the remote pfSense gateway

    Local pfSense (OpenVPN Client):

    • Peer-to-peer, TCP, TUN, TLS

    • 192.168.y.0/28 for the tunnel

    • IPv4 Remote Network/s: 10.14.z.0/24

    • Advanced config: redirect-gateway def1;route 10.14.z.0 255.255.255.0

    Remote pfSense (OpenVPN Server):

    • Peer-to-peer, TCP, TUN, TLS

    • 192.168.y.0/28 for the tunnel

    • IPv4 Local Network/s: 10.14.z.0/24

    • IPv4 Remote Network/s: 10.14.x.0/24

    • Advanced config: (blank)

    • Client Specific Override: iroute 10.14.x.0 255.255.255.0