Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Deny bypassing the OpenVPN tunnel?

    Firewalling
    1
    1
    1310
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      grav5 last edited by

      Hi,

      I have the following scenario at the moment:

      pc1–+
      pc2--+---switch---pfSense=========server
      pc3--+

      == means VPN tunnel
      pfSense box is configured as the VPN client, the server acts as the gateway to the internet

      When I disable the tunnel by shutting down the server, the clients (pc1-3) access internet through the pfSense WAN interface. Thus they are bypassing the VPN tunnel.
      I tried a few rules, but I can't block the packets without harming the complete output including the VPN packets.

      tunnel is 10.8.0.0/24
      LAN clients are 10.0.0.0/8

      I tried blocking ANY from LAN where destination IS NOT 10.8.0.0/24
      It didn't worked, as the destinations are still WAN adresses in the packets and only the gateway is 10.8.0.1, i guess.
      Should i try to manipulate the static routes?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post