Netgate Discussion Forum

    Routing rules while using OpenVPN

      steven6282

      Hello,
      I don't think my problem is a problem in pfSense but maybe pfSense can solve it?  I'm not sure, but I figured maybe one of the knowledgeable people here could help me with it.

      I'm configuring a new network with multiple VLANs to section off some things.  One of the VLANs has a single PC in it that is hosting a web server and using OpenVPN to route all of its traffic through a VPN.  I've got the VPN configured and working, but the problem I'm having is when the VPN is up and running I can no longer access the web server locally.  When the VPN is not running, I can access the web server across VLANs fine, so I'm pretty sure I got the firewall rules set up to allow that correctly.

      I think the VPN server might be pushing the redirect-gateway directive or something causing all traffic to go through the gateway and making it so my web server will no longer route locally.  I'm just not sure how to fix it.

      Anyone have any advice on this?  Is there a routing rule I can manually add to force it to route the port 80 web traffic locally instead of through the VPN?

        steven6282

        Well, this is about how it normally goes, lol. After I work on something for a few hours and then post looking for help, I shortly find a solution.

        I just found this and it seems to be working, so it could have some caveats that I haven't seen yet but this is what I found.  On my Linux box that is running the VPN and web server I simply did:

        ip rule add from 192.168.0.0/16 table 10
        ip route add default via <vlan gateway ip> table 10

        And then:
        ip route flush cache

        Now, any traffic from my local network gets sent back through the VLAN gateway (pfSense in this case, so that my firewall rules are still in effect I think), and all the other traffic goes through OpenVPN.

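A small model of the Linux policy-routing lookup behind the two `ip` commands in the post above, added here as an example (it is not code from either poster). The addresses, the `tun0`/`eth0` names, the VPN peer and the assumption that the VPN pushes `redirect-gateway def1` (the 0.0.0.0/1 and 128.0.0.0/1 routes) are constructed for illustration.

```python
import ipaddress as ipa

# Constructed addressing (assumptions, not from the thread):
# web server 192.168.20.10 on VLAN 192.168.20.0/24, pfSense at 192.168.20.1,
# OpenVPN peer 10.8.0.1 on tun0, VPN assumed to push "redirect-gateway def1".
TABLES = {
    "main": [("0.0.0.0/1", "tun0", "10.8.0.1"),       # def1 half-default
             ("128.0.0.0/1", "tun0", "10.8.0.1"),     # def1 half-default
             ("0.0.0.0/0", "eth0", "192.168.20.1"),   # original default route
             ("192.168.20.0/24", "eth0", None)],      # connected VLAN
    "10":   [("0.0.0.0/0", "eth0", "192.168.20.1")],  # ip route add default via ... table 10
}
RULES_BEFORE = [(32766, "all", "main")]
# "ip rule add" without a priority lands just ahead of the main rule.
RULES_AFTER = [(32765, "192.168.0.0/16", "10")] + RULES_BEFORE

def lookup(table, dst):
    """Longest-prefix match in one table; returns (dev, via) or None."""
    hits = [r for r in table if ipa.ip_address(dst) in ipa.ip_network(r[0])]
    if not hits:
        return None
    _net, dev, via = max(hits, key=lambda r: ipa.ip_network(r[0]).prefixlen)
    return dev, via

def route(rules, src, dst):
    """Walk rules by priority; src=None is a socket with no source chosen yet."""
    for _prio, selector, table in sorted(rules):
        if selector != "all" and (
                src is None or ipa.ip_address(src) not in ipa.ip_network(selector)):
            continue  # a "from" selector does not match an unset source
        hit = lookup(TABLES[table], dst)
        if hit:
            return hit
    return None

if __name__ == "__main__":
    cases = [("reply to client on another VLAN", "192.168.20.10", "192.168.10.50"),
             ("new outbound connection", None, "203.0.113.7"),
             ("outbound bound to the LAN address", "192.168.20.10", "203.0.113.7")]
    for label, src, dst in cases:
        print(f"{label}: before={route(RULES_BEFORE, src, dst)} "
              f"after={route(RULES_AFTER, src, dst)}")
```

The last case is the caveat to check for: with the rule in place, replies and any socket bound to the 192.168.x.x address leave through the VLAN gateway rather than the tunnel.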
          Ofloo

          The ip command doesn't work on pfSense, and yes, I've noticed that too: when I set up an OpenVPN client it takes over all routing, even if there are routing rules in place that say to use the default route.

          I haven't found a solution for this problem either though. If I do netstat -rn | grep default it still shows the default route. I think it's a firewall thing.

          Haven't read through this, but the answer might be in there from what I gather; however, I've got another problem which needs solving first. If you do find the answer, please do share.
          https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-6
