Forcing all VPN client traffic thru the tunnel



  • We just installed pfSense 2.1.5.

    Gave some remote workers their accounts to connect to the office, and that works.

    We have an IPsec tunnel built to a customer network from pfSense, letting us connect to their site remotely from the office. The connection is limited to our source private network 192.168.45.XX. On the client site we are only allowed to connect to a particular IP address through the tunnel. It works from the office, but we want to make this connection available through OpenVPN connections as well.

    Our tunnel network is 192.168.46.XX.

    A couple of things I am curious about:

    1- Not all traffic is being forced to go through the OpenVPN connection. We tried the "redirect" checkbox under the OpenVPN server config but that didn't help.
    2- If only 192.168.45.XX is allowed through the IPsec tunnel, how can we make sure OpenVPN clients with IP 192.168.46.XX can use this IPsec connection remotely?

    thanks,



  • So we managed to make the first item work, but we are still trying to figure out how we can give our OpenVPN clients access to the remote customer network.

    When we built the IPsec tunnel, we only had 192.168.45.XX as our local network. Our tunnel network for the OpenVPN clients is 192.168.46.XX. Even if I add 46.XX in the IPsec config, the routing will not work.

    Is it possible to NAT the OpenVPN clients behind 45.XX if they want to access the customer network?

    Thanks



  • We had exactly the same situation. With a tun OpenVPN network I have not been able to get it working either.

    So I created another OpenVPN connection, this time based on a tap device (see other posts for that).
    After pushing a route for the client network in the OpenVPN default setting, I can now access files through home --> OpenVPN --> Office --> IPsec --> Customer site.
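
The selector problem discussed in this thread, as an added example that is not part of any of the posts and not pfSense code. It models which source addresses a policy-based IPsec tunnel will carry, and why translating OpenVPN clients to an office-LAN address changes the result. The /24 masks, the customer host `10.99.0.10`, the NAT address `192.168.45.250` and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed values: the thread gives only 192.168.45.XX and 192.168.46.XX,
# so the /24 masks, customer host and NAT address below are assumptions.
OFFICE_LAN = ipaddress.ip_network("192.168.45.0/24")
OVPN_TUNNEL = ipaddress.ip_network("192.168.46.0/24")
CUSTOMER_HOST = ipaddress.ip_network("10.99.0.10/32")
NAT_ADDRESS = "192.168.45.250"

# Selector pairs (our side, customer side) that the customer's gateway accepts.
PEER_SELECTORS = [(OFFICE_LAN, CUSTOMER_HOST)]


def negotiated(ours, peers=PEER_SELECTORS):
    """Simplified model: a pair is usable only if both gateways configure it."""
    return [pair for pair in ours if pair in peers]


def matches_phase2(src, dst, selectors):
    """True if a packet src -> dst falls inside a usable selector pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in local and d in remote for local, remote in selectors)


def source_nat(src, dst):
    """Hypothetical NAT rule: OpenVPN clients bound for the customer host
    are rewritten to one office-LAN address before the IPsec policy lookup."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in OVPN_TUNNEL and d in CUSTOMER_HOST:
        return NAT_ADDRESS
    return src


def evaluate(src, dst, ours, nat=False):
    """Return (source address IPsec sees, whether the tunnel carries it)."""
    seen = source_nat(src, dst) if nat else src
    return seen, matches_phase2(seen, dst, negotiated(ours))


if __name__ == "__main__":
    # Adding 46.x on our side only: the peer never agreed to it.
    both = [(OFFICE_LAN, CUSTOMER_HOST), (OVPN_TUNNEL, CUSTOMER_HOST)]
    for label, src, nat in [("office host", "192.168.45.20", False),
                            ("VPN client", "192.168.46.6", False),
                            ("VPN client + NAT", "192.168.46.6", True)]:
        print(label, evaluate(src, "10.99.0.10", both, nat))
```

With the NAT rule every VPN user reaches the customer as the same 45.x address, so per-user attribution for that traffic exists only in the OpenVPN and firewall logs on the office side.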

