Deny bypassing the OpenVPN tunnel?

  • Hi,

    I have the following scenario at the moment:

    pc1--+
    pc2--+---switch---pfSense=========server
    pc3--+

    == means VPN tunnel
    pfSense box is configured as the VPN client, the server acts as the gateway to the internet

    When I disable the tunnel by shutting down the server, the clients (pc1-3) access internet through the pfSense WAN interface. Thus they are bypassing the VPN tunnel.
    I tried a few rules, but I can't block the packets without harming the complete output including the VPN packets.

    tunnel is 10.8.0.0/24
    LAN clients are 10.0.0.0/8

    I tried blocking ANY from LAN where destination IS NOT 10.8.0.0/24.
    It didn't work, as the destinations are still WAN addresses in the packets and only the gateway is 10.8.0.1, I guess.
    Should I try to manipulate the static routes?
