PfSense OpenVPN redirect traffic to WAN



  • Hello,

    I'm a little bit stuck and I'm hoping to find some help here :)
    My home network is 192.168.1.0/24.
    In this network I've got a pfSense firewall running that only serves as an OpenVPN server. It has its WAN interface connected to my LAN.
    The problem is that when connected to the VPN it connects me to the virtual network that the OpenVPN server creates.
    However I want it to connect to my LAN (so the pfSense's WAN). Does anyone know how I'd do something like this?

    I'm quite the noob when it comes to VPN, so any help would be appreciated. Thanks in advance!



  • When you establish a VPN connection you get a virtual interface which gets an IP in the tunnel network. At the other end, the VPN server also has an IP in this network, and the VPN server is also a router, which routes the traffic to other networks connected to its interfaces.

    pfSense is a firewall router. If you have a VPN set up, you have got an "OpenVPN" interface tab in Firewall > Rules. There you have to enter at least one rule to allow traffic from the VPN tunnel network to your LAN.

    On the client side you need a route which directs traffic with a LAN destination to the VPN server. Depending on the client, this can be done in the server configuration by entering your LAN network in the "Local Network(s)" field, or by checking "Redirect Gateway" if you want to direct the whole traffic (internet also) over the VPN.
    However, remember that your client must not be in the same network segment as the LAN (192.168.1.0/24) behind the VPN.



  • I think I didn't explain correctly.
    I've got my VPN all set up and I can connect without any problems. My issue is that I'm assigned an IP from the virtual network that OpenVPN creates.
    I however want it to connect me to the WAN network (which is my home's LAN network).
    My setup is as follows:
    Client --> Internet --> Router --> Home network --> PfSense/OpenVPN

    pfSense doesn't act as router in this situation, only as VPN server.
    Now I need it to connect the VPN traffic to my home network instead of the virtual VPN network.



  • @II_Echelon_II:

    Client --> Internet --> Router --> Home network --> PfSense/OpenVPN

    pfSense doesn't act as router in this situation, only as VPN server.

    At the VPN server there are 2 subnets at 2 interfaces: your home network and the VPN tunnel network. So pfSense has to route between these networks.

    If you want your VPN client to get an IP of your home network you have to use a tap device at the server side and bridge it to WAN. However, I don't recommend this, because many guys here have trouble with that, and I think that this won't work in your setup at all with just a single interface.

    So use routing and NAT and you will be happy. I had a similar setup in use for some time and it worked very well.



  • Thanks!
    What routing settings would I have to use to get an IP from my home network instead of that of the VPN's virtual network?
    Or should I just redirect all traffic with the destination of my home network?



  • @II_Echelon_II:

    What routing settings would I have to use to get an IP from my home network instead of that of the VPN's virtual network?
    Or should I just redirect all traffic with the destination of my home network?

    As said above, I recommend using a separate tunnel network and a tun device. So the VPN client gets an IP from this tunnel network and pfSense does the routing.

    For this just enter 192.168.1.0/24 in the "Local Network(s)" field of the VPN server config and traffic from the client to this subnet will be routed over the VPN connection.
    As mentioned above, you also need a rule in pfSense on the VPN interface to permit traffic to 192.168.1.0/24.

    That's all.
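
The routed setup recommended in this thread only works when the network the client is sitting in does not overlap 192.168.1.0/24 or the tunnel network. The following check is an added example, not part of the thread: the tunnel network `10.0.8.0/24` and the sample client networks are assumptions, since the thread never states them.

```python
import ipaddress

# From the thread: the home LAN entered in the "Local Network(s)" field.
PUSHED_ROUTES = ["192.168.1.0/24"]
# Assumption: the thread does not name the tunnel network; placeholder value.
TUNNEL_NETWORK = "10.0.8.0/24"


def find_conflicts(client_networks, pushed_routes=PUSHED_ROUTES,
                   tunnel=TUNNEL_NETWORK):
    """Return (client_net, vpn_net, kind) for every overlapping pair.

    client_networks may be given as interface addresses ("192.168.1.37/24");
    strict=False normalises them to the containing network.
    """
    vpn_side = [(ipaddress.ip_network(r, strict=False), "pushed route")
                for r in pushed_routes]
    vpn_side.append((ipaddress.ip_network(tunnel, strict=False),
                     "tunnel network"))
    conflicts = []
    for raw in client_networks:
        local = ipaddress.ip_network(raw, strict=False)
        for remote, kind in vpn_side:
            # Overlap covers equal networks, subnets and supernets alike.
            if local.version == remote.version and local.overlaps(remote):
                conflicts.append((str(local), str(remote), kind))
    return conflicts


if __name__ == "__main__":
    # Constructed sample: networks a roaming client might be attached to.
    samples = {
        "hotel Wi-Fi": ["192.168.1.37/24"],     # same segment as home LAN
        "office": ["10.0.0.0/8"],               # swallows the tunnel network
        "mobile hotspot": ["172.16.5.10/24"],   # no overlap
    }
    for name, nets in samples.items():
        hits = find_conflicts(nets)
        if not hits:
            print(f"{name}: OK, routes to the home LAN will use the VPN")
        for local, remote, kind in hits:
            print(f"{name}: {local} overlaps {kind} {remote}; "
                  "traffic for it stays on the local network")
```

A conflict means the client treats the overlapping addresses as directly attached and never sends that traffic into the tunnel; renumbering the home LAN or the tunnel network to a less common range avoids it.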