OpenVPN client default route



  • Hi,

    I've got 3 interfaces
    WAN - DHCP
    INT1 - 192.168.10.0/24
    INT2 - 192.168.20.0/24

    I've set up an OpenVPN client on the pfSense side to an Amazon server. My goal is that any traffic from 192.168.20.0/24 to 0.0.0.0/0 should go over the OpenVPN tunnel. Traffic from 192.168.10.0/24 should be NATed out on the WAN interface.

    This seems to be rather tricky: if I push a default route over the VPN, it catches all traffic, and I cannot have two default routes. How can I solve this?

    Thanks,



  • Policy routing.

    1. Leave your default route on WAN; do not pull any routes from the OpenVPN.
    2. On INT2 put rule(s) that pass traffic and select the gateway of your OpenVPN circuit.
       (And if you want to reach INT1 from INT2, then put a rule first on INT2 that passes traffic for destination INT1 with the gateway set to none.)


  • Hi,

    Thank you for your answer, it sounds about right; however, I tried an any/any rule with the gateway set to the other side of the OpenVPN tunnel, and that does not seem to work.

    From the .20 net I can ping the other side of the OpenVPN tunnel, but I cannot reach the internet. A traceroute just gives stars.

    If I run a tcpdump on the OpenVPN server, I cannot see any traffic inbound over the tun interface.



  • Hi,

    Solved it: I had to assign an interface. I assigned VPN1 to ovpnc1 and added no IP configuration whatsoever. That automatically created a gateway interface under System - Routing; then in the firewall rules I could use that gateway, and it worked :)
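
Putting the thread's answer together as an added example (this is not from the original posts and not pfSense's own generated ruleset): the OpenVPN client is started with `route-nopull` (the "Don't pull routes" checkbox in pfSense's OpenVPN client settings) so the tunnel never installs a default route, the tunnel interface is assigned so that pfSense creates a gateway object for it (the step the last post found was missing), and the policy routing is written out below in pf.conf syntax, which is what pfSense ultimately builds from its firewall rule GUI. The physical interface names `em0`/`em1`/`em2`, the assigned tunnel interface `ovpnc1` and its far-end address `10.8.0.1` are assumptions; substitute your own.

```pf
# Assumed interface names and tunnel gateway (not from the original thread).
WAN    = "em0"
INT1   = "em1"          # 192.168.10.0/24, should leave via WAN
INT2   = "em2"          # 192.168.20.0/24, should leave via the tunnel
VPN    = "ovpnc1"       # the assigned OpenVPN client interface
VPN_GW = "10.8.0.1"     # server side of the tunnel as seen by this client (assumed)

# Outbound NAT. INT1 is hidden behind the WAN address as before; INT2 is
# hidden behind the tunnel address so the Amazon side can reply without
# needing a static route back to 192.168.20.0/24.
nat on $WAN inet from 192.168.10.0/24 to any -> ($WAN)
nat on $VPN inet from 192.168.20.0/24 to any -> ($VPN)

# INT1: a plain pass rule with no route-to, so the system default route
# (still on WAN, because route-nopull kept the tunnel from replacing it) applies.
pass in quick on $INT1 inet from 192.168.10.0/24 to any keep state

# INT2: first match wins because of 'quick', so rule order matters.
# 1. Traffic for INT1 must be passed WITHOUT route-to; if the any-to-any
#    rule below came first, LAN-to-LAN traffic would be forced into the tunnel.
pass in quick on $INT2 inet from 192.168.20.0/24 to 192.168.10.0/24 keep state
# 2. Everything else from INT2 is policy-routed to the tunnel gateway.
pass in quick on $INT2 route-to ($VPN $VPN_GW) inet from 192.168.20.0/24 to any keep state
```

In the pfSense GUI the same thing is: OpenVPN client with "Don't pull routes" checked; Interfaces > Assignments adds ovpnc1 as an interface with no IP configuration, which creates the gateway under System > Routing; on the INT2 tab, rule 1 passes source "INT2 net" to destination "INT1 net" with the gateway left at default, and rule 2 passes source "INT2 net" to any with the gateway set to the new VPN gateway. With automatic outbound NAT, pfSense adds the tunnel NAT rule itself once the interface is assigned and has a gateway; in hybrid or manual mode add it by hand. To check the result from the shell, `pfctl -sr | grep route-to` should show the INT2 rule pointing at ovpnc1, and `tcpdump -ni ovpnc1` while a .20 host pings an internet address should show the packets leaving through the tunnel; a traceroute that returns only stars, as in the second post, usually means the chosen gateway is not a real gateway object and the rule is silently not routing.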

