Routing all traffic through an OpenVPN Site2Site tunnel



  • Hello

    I've set up a Site2Site OpenVPN. It seems to be working well; I can ping from both sides.

    The country I am residing in does not allow VoIP and is blocking VoIP traffic.
    Therefore, I need to set up my VoIP telephony to route through my firewall in my home country.

    How do I set up IP-specific routing over the OpenVPN, so that all traffic from certain hosts is routed to the remote gateway/firewall/pfsense and thus is viewed to the outside as coming from this remote IP?



  • You can NOT do that from the GUI since it knows nothing about the tun device nor the IP/gateway of it. You would have to do some pf/route-to hacking behind the scenes to make it work.

    ./Thomas



  • Is there any kind of documentation for this approach? - adding route-to manually?

    Are there any alternatives?

    • such as setting up an IP tunnel? (if yes, which software?)
    • setting up a firewall entirely for this purpose that does redirect-gateway?

    I'm currently trying to figure out how to use redirect-gateway but it doesn't seem to work. Traffic is not redirected. The system logs report no errors.



  • Actually you can do that via the GUI.

    Take a look at the -redirect command.
    http://forum.pfsense.org/index.php/topic,7001.0.html

    This changes the routing-table of pfSense so that everything gets routed through the tunnel.

    Since you only want some traffic to be routed through the tunnel you change the "allow all" rule not to use the default routing table but force it out a specific gateway (in your case the WAN).
    –> create a rule for everything that shouldn't go over the tunnel, with "WAN" as the gateway and NOT *

    This way you have:

    • traffic you specify in the rules goes out the WAN.
    • everything else goes over the openVPN tunnel.
