OpenVPN client default route
-
Hi,
I've got 3 interfaces
WAN - DHCP
INT1 - 192.168.10.0/24
INT2 - 192.168.20.0/24I've setup a openvpn client on the pfsense side to a amazon server. My goal is that any traffic from 192.168.20.0/24 to 0.0.0.0/0 should go over the openvpn. Traffic from 192.168.10.0/24 should be NAT:ed out on WAN interface.
This seems to be rather tricky, since if I push a default-route over the VPN, it catches all traffic, as I cannot have two default routes, how can I solve this ?
Thanks,
-
Policy routing.
- Leave your default route on WAN, do not pull any routes from the OpenVPN.
- On INT2 put rule/s that pass traffic and select the gateway of your OpenVPN circuit.
(and if you want to reach INT1 from INT2, then put a rule first on INT2 that passes traffic for destination INT1 with no gateway none.)
-
Hi,
Thank your for your answer, it sounds about right, however I tried to do an any any rule with gateway of the other side of the openvpn tunnel, that does not seem to work.
I can from the .20 net ping the other side of the openvpn tunnel, but I cannot reach internet. A traceroute just gives stars.
If I run a tcpdump on the openvpn server, I cannot see any traffic inbound over the tun interface.
-
Hi,
Solved it, had to assign an interface, assigned VPN1 to ovpnc1, added no ip configuration what so ever. That automatically created a gateway interface under system - routing, then in the firewall rules, I could use that gateway, and the it worked :)