    Netgate Discussion Forum

    OpenVPN client default route

      wberg last edited by

      Hi,

      I've got 3 interfaces
      WAN - DHCP
      INT1 - 192.168.10.0/24
      INT2 - 192.168.20.0/24

      I've set up an OpenVPN client on the pfSense side to an Amazon server. My goal is that any traffic from 192.168.20.0/24 to 0.0.0.0/0 should go over the OpenVPN. Traffic from 192.168.10.0/24 should be NAT:ed out on the WAN interface.

      This seems to be rather tricky, since if I push a default route over the VPN, it catches all traffic. As I cannot have two default routes, how can I solve this?

      Thanks,

        phil.davis last edited by

        Policy routing.

        1. Leave your default route on WAN, do not pull any routes from the OpenVPN.
        2. On INT2 put rule/s that pass traffic and select the gateway of your OpenVPN circuit.
          (And if you want to reach INT1 from INT2, then put a rule first on INT2 that passes traffic for destination INT1 with no gateway (none).)

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          wberg last edited by

          Hi,

          Thank you for your answer, it sounds about right. However, I tried to do an any any rule with the gateway of the other side of the OpenVPN tunnel, and that does not seem to work.

          I can from the .20 net ping the other side of the openvpn tunnel, but I cannot reach internet. A traceroute just gives stars.

          If I run a tcpdump on the openvpn server, I cannot see any traffic inbound over the tun interface.

            wberg last edited by

            Hi,

            Solved it, had to assign an interface: assigned VPN1 to ovpnc1, added no IP configuration whatsoever. That automatically created a gateway interface under system - routing, then in the firewall rules, I could use that gateway, and then it worked :)

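The rule ordering from phil.davis's answer, modelled as an added example (not code from the thread or from pfSense): a first-match evaluation over constructed rules that shows which egress each flow gets, and what changes if the INT1 rule is placed after the catch-all. `VPN1_GW` and `WAN_GW` are hypothetical gateway names, and 203.0.113.10 is a constructed Internet destination.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    iface: str               # interface the packet arrives on
    src: str                 # source network (CIDR)
    dst: str                 # destination network (CIDR)
    gateway: Optional[str]   # None = no gateway set, follow the routing table

# Hypothetical names: VPN1_GW stands for the gateway that appears once ovpnc1
# is assigned as an interface; WAN_GW is the default route learned on WAN.
DEFAULT_GW = "WAN_GW"
CONNECTED = {"192.168.10.0/24": "INT1", "192.168.20.0/24": "INT2"}

RULES = [
    # Local destination first, with no gateway, so it is routed normally.
    Rule("INT2", "192.168.20.0/24", "192.168.10.0/24", None),
    # Everything else arriving on INT2 is sent to the OpenVPN gateway.
    Rule("INT2", "192.168.20.0/24", "0.0.0.0/0", "VPN1_GW"),
    # INT1 has a plain pass rule and keeps the default route on WAN.
    Rule("INT1", "192.168.10.0/24", "0.0.0.0/0", None),
]

def next_hop(iface, src, dst, rules=RULES):
    """Return the egress chosen for a packet, or 'BLOCK' if no rule passes it."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:  # first matching rule wins
        if (r.iface == iface and s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)):
            if r.gateway:  # a gateway on the rule overrides the routing table
                return r.gateway
            for net, out in CONNECTED.items():  # routing table: connected nets
                if d in ipaddress.ip_network(net):
                    return out
            return DEFAULT_GW  # routing table: default route
    return "BLOCK"  # nothing matched: default deny

if __name__ == "__main__":
    flows = [("INT2", "192.168.20.5", "203.0.113.10"),
             ("INT2", "192.168.20.5", "192.168.10.7"),
             ("INT1", "192.168.10.7", "203.0.113.10")]
    for f in flows:
        print(f, "->", next_hop(*f))
    # Misordered rules: the catch-all now captures INT1-bound traffic too.
    swapped = [RULES[1], RULES[0], RULES[2]]
    print("swapped:", next_hop("INT2", "192.168.20.5", "192.168.10.7", swapped))
```
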