Route all traffic for a VLAN through OpenVPN



  • So I've set up my OpenVPN client in pfSense which successfully connects to my OpenVPN server (located off-site). However, I want all traffic to and from a specific VLAN to be routed through that OpenVPN connection and I'm not quite sure how to go about it. I've been reading a couple of guides here and there but they all take different approaches and none of them match my use case. Could anyone give me any pointers?

    Thanks!



  • I want to do the same thing, but I'm unsuccessful.

    I tried this guide (link below), which said to use Policy based routing in firewall rules, but no packets get through the tunnel. I get "No route to host" when I try to ping the tunnel gateway IP on the openvpn server from VLAN clients, but I can ping it from pfSense.

    I'm not familiar enough with pf to understand policy based routing, or to even dump the rules to check that the GUI got the rule configured correctly.

    Make sure to check "Do Not Pull routes" in the VPN client config on pfSense GUI.

    Link: https://forum.pfsense.org/index.php?topic=91066.0



    1. create an openvpn tunnel (you probably have done that)
    2. assign an interface to your openvpn tunnel (interfaces->assign)
    3. configure the interface, and set configuration-type to "none"
    4. restart openvpn
    5. create a gateway for your openvpn-interface; only if not done automatically (system->routing->gateways)
    6. create firewall rule on "VLAN-XX" and create a PASS * * * gateway: openvpn-GW

    also there are numerous posts on this forum that explain it in detail: https://forum.pfsense.org/index.php?topic=29944.0



  • @heper:

    1. create an openvpn tunnel (you probably have done that)
    2. assign an interface to your openvpn tunnel (interfaces->assign)
    3. configure the interface, and set configuration-type to "none"
    4. restart openvpn
    5. create a gateway for your openvpn-interface; only if not done automatically (system->routing->gateways)
    6. create firewall rule on "VLAN-XX" and create a PASS * * * gateway: openvpn-GW

    also there are numerous posts on this forum that explain it in detail: https://forum.pfsense.org/index.php?topic=29944.0

    Thanks! I got it working. However, I do have one question. I have noticed that the OpenVPN connection at one point disconnected from the VPN server. The VLAN routed through the OpenVPN could still access the internet but now it goes outside the VPN.

    How can I make it so that said VLAN won't get internet access at all if the VPN connection is down? I figured the OpenVPN GW would just drop all traffic not going through the VPN, but that's seemingly not the case as it seems like the traffic is bypassing the openvpn gw when the openvpn connection is down.

    Thanks
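
Added example, not part of the thread or any poster's configuration: a shell check for the two things raised above, dumping the loaded rules to see whether the policy-routing rule really exists, and spotting a pass rule on the VLAN that has no `route-to` (such a rule follows the normal routing table, which is the leak described in the last post). The interface names `igb1.30` and `ovpnc1`, the gateway `10.8.0.1`, and the sample rule lines are constructed assumptions.

```shell
#!/bin/sh
# Audit pf rules for a VLAN that must only leave through the VPN.
# Assumed names (not from the thread): igb1.30 = VLAN, ovpnc1 = OpenVPN client.
# On the firewall itself:  pfctl -sr | audit_vlan_rules igb1.30 ovpnc1

# Constructed sample, in the style of `pfctl -sr` output: tunnel rule in place.
sample_rules_up() {
cat <<'EOF'
pass in quick on igb1.30 route-to (ovpnc1 10.8.0.1) inet all flags S/SA keep state label "USER_RULE: VLAN30 via VPN"
block drop in quick on igb1.30 inet all label "USER_RULE: VLAN30 nothing else"
EOF
}

# Constructed sample: the same pass rule, but without its route-to.
sample_rules_down() {
cat <<'EOF'
pass in quick on igb1.30 inet all flags S/SA keep state label "USER_RULE: VLAN30 via VPN"
block drop in quick on igb1.30 inet all label "USER_RULE: VLAN30 nothing else"
EOF
}

# audit_vlan_rules VLAN_IF VPN_IF   (rules on stdin)
# exit 0: every inbound pass rule on VLAN_IF is forced out via VPN_IF
# exit 1: at least one inbound pass rule on VLAN_IF has no route-to (leak)
# exit 2: no policy-routing rule for VLAN_IF was found at all
audit_vlan_rules() {
    awk -v vlan="$1" -v vpn="$2" '
        # Ignore rules bound to other interfaces (literal match, no regex).
        index($0, " on " vlan " ") == 0 { next }
        # Policy routing is applied by inbound pass rules.
        $1 == "pass" && $2 == "in" {
            if (index($0, "route-to (" vpn " ") > 0) routed++
            else { leaks++; print "LEAK: " $0 }
        }
        END {
            if (leaks > 0) exit 1
            if (routed == 0) { print "NO-POLICY-ROUTE: " vlan; exit 2 }
            print "OK: " routed " pass rule(s) on " vlan " forced via " vpn
        }'
}
```

Running the check again while the tunnel is disconnected shows whether the loaded rule set still forces the VLAN through the VPN interface.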

