
    Routing all traffic through an OpenVPN Site2Site tunnel

    • tullipo

      Hello

      I've set up a Site2Site OpenVPN. It seems to be working well; I can ping from both sides.

      The country I am residing in does not allow VoIP and is blocking VoIP traffic.
      Therefore, I need to set up my VoIP telephony to route through my firewall in my home country.

      How do I set up IP-specific routing over the OpenVPN, so that all traffic from certain hosts is routed to the remote gateway/firewall/pfsense and thus is viewed from the outside as coming from this remote IP?

      • qdk

        You can NOT do that from the GUI since it knows nothing about the tun device nor the IP/gateway of it. You would have to do some pf/route-to hacking behind the scenes to make it work.

        ./Thomas

        • tullipo

          Is there any kind of documentation for this approach? - adding route-to manually?

          Are there any alternatives?

          • such as setting up an IP tunnel? (if yes, which software?)
          • setting up a firewall entirely for this purpose that does redirect-gateway?

          I'm currently trying to figure out how to use redirect-gateway but it doesn't seem to work. Traffic is not redirected. The system logs report no errors.

          • GruensFroeschli

            Actually you can do that via the GUI.

            Take a look at the -redirect command.
            http://forum.pfsense.org/index.php/topic,7001.0.html

            This changes the routing-table of pfSense so that everything gets routed through the tunnel.

            Since you only want some traffic to be routed through the tunnel, you change the "allow all" rule not to use the default routing table but force it out a specific gateway (in your case the WAN).
            --> create a rule for everything that shouldn't go over the tunnel with "WAN" as gateway and NOT *

            This way you have:

            • traffic you specify in the rules goes out the WAN.
            • everything else goes over the openVPN tunnel.

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
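
The arrangement described in the last post, written out as a pf ruleset fragment so the rule order and the effect of the gateway setting are visible. This is an added example, not taken from the thread or from pfSense's generated ruleset; every interface name, address and host list below is an assumed placeholder, and placing `redirect-gateway def1` in the OpenVPN client's custom options is an assumption about how the redirect is enabled.

```conf
# Added illustration (not from the thread). All values are assumed placeholders.
wan_if     = "em0"                # assumed local WAN interface
lan_if     = "em1"                # assumed local LAN interface
wan_gw     = "203.0.113.1"        # assumed local ISP gateway
lan_net    = "192.168.1.0/24"     # assumed local LAN subnet
remote_net = "192.168.2.0/24"     # assumed LAN behind the remote pfSense
voip_hosts = "{ 192.168.1.50, 192.168.1.51 }"   # assumed hosts that must exit remotely

# OpenVPN client option (assumed to be set on the local side):
#   redirect-gateway def1
# def1 adds 0.0.0.0/1 and 128.0.0.0/1 via the tunnel, so the routing table
# now prefers the tunnel over the original default route for every destination.

# Rules are first-match ("quick"), so order matters.

# 1. Site-to-site traffic: no gateway set (gateway "*" in the GUI).
#    Without this rule, rule 3 would push packets for the remote LAN out the WAN.
pass in quick on $lan_if from $lan_net to $remote_net keep state

# 2. VoIP hosts: no gateway set, so they follow the routing table,
#    which redirect-gateway has pointed at the tunnel.
pass in quick on $lan_if from $voip_hosts to any keep state

# 3. Everything else on the LAN: gateway "WAN" in the GUI, which becomes
#    route-to and bypasses the routing table for matching packets.
pass in quick on $lan_if route-to ($wan_if $wan_gw) from $lan_net to any keep state
```

To confirm which path a host takes, compare the public source address seen from a VoIP host with the one seen from any other LAN host; they should differ once the rules are in effect.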
