Routing rules while using OpenVPN



  • Hello,
    I don't think my problem is a problem in PFSense but maybe PFSense can solve it?  I'm not sure, but I figured maybe one of the knowledgable people here could help me with it.

    I'm configuring a new network with multiple VLANs to section off some things.  One of the VLANs has a single PC in it that is hosting a web server and using OpenVPN to route all of it's traffic through a VPN.  I've got the VPN configured and working, but the problem I'm having is when the VPN is up and running I can no longer access the web server locally.  When the VPN is not running, I can access the webserver accross VLANs fine, so I'm pretty sure I got the firewall rules set up to allow that correctly.

    I think the VPN server might be pushing the redirect-gateway directive or something causing all traffic to go through the gateway and making it so my web server will no longer route locally.  I'm just not sure how to fix it.

    Anyone have any advice on this?  Is the a routing rule I can manually add to force it to route the port 80 web traffic locally instead of through the VPN?



  • Well this is about how it normally goes lol after I work on something for a few hours and then post looking for help, I shortly find a solution.

    I just found this and it seems to be working, so it could have some caveats that I haven't seen yet but this is what I found.  On my linux box that is running the VPN and web server I simply did:

    ip rule add from 192.168.0.0/16 table 10
    ip route add default via <vlan gateway="" ip="">table 10

    And then:
    ip route flush cache

    Now, any traffic from my local network gets sent back through the vlan gateway (pfsense in this case, so that my firewall rules are still in effect I think), and all the other traffic goes through OpenVPN.</vlan>



  • the ip command doesn't work on pfsense, and yes i've noticed that too when I setup openvpn client it takes over all routing even if there's routing rules in place that say to use the default route.

    I haven't found a solution for this problem either though. if i do netstat -rn | grep default it still shows the default route. I think it's a firewall thing.

    Haven't read through this but the answer might be in there from what i gather, however i got an other problem which needs solving first. If you do find it the answer please do share.
    https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-6