Netgate Discussion Forum

    Problem with outbound connections with policy based routing through OpenVPN tunnel

    Routing and Multi WAN
    • jawa

      Hello,

      I have been trying to get policy based routing set up to route an IP (or even a whole subnet) from the LAN subnet through the VPN tunnel so that it goes out to the internet through the VPN gw. I do not want it to go out the normal WAN, since that would cause it to not resolve properly and to come from the wrong IP address range, rather than from the hostname it should be coming from. The different subnets are connected to different interfaces and are not supposed to see each other.

      I have to use a VPN gw + tunnel to get static IP addressing for my email server, since I have no public IP whatsoever on my normal WAN connection. Incoming connections are working fine; they work correctly and the server can receive email. The outbound connection is the issue. I want to force the IP address (or whole subnet) from the LAN subnet to go through the VPN tunnel on its way out. I have been reading everything I could find on Google and looked at the documentation, but I have not been able to find a working setup. I dug around here on the forums for something like this but did not find it. Sorry if I have missed something; if so, please point me in the right direction.

      If I add an interface for the VPN connection, the VPN stops working, even if I recreate all the rules on it. It will not allow me to use a gateway on another subnet for routing. Static routes can only be set for specific outbound addresses, or as default, but I'm not able to use that, as the pfSense box should have its default route out the WAN normally for the other subnets except LAN. I am also unclear about the NAT settings required here.

      LAN subnet ----------------+
                                 |
      RANDOM subnet -------------+
                                 |---pfsense-------WAN subnet -> internet
      OOB subnet ----------------+        |
                                 |        +-------OpenVPN -> VPN gw (also uses the same WAN link, underneath)
      VPN subnet ----------------+

      Here is a crude map of my network. Is there anyone who could help me or point me in the right direction for this kind of setup?
      I have read so many posts and tried so many different ways that I am quite confused now.

      Thank you very much

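      Added example, not part of the original post and not a ruleset taken from any pfSense box: the setup the poster describes, written in the FreeBSD pf syntax that pfSense compiles its GUI firewall and outbound NAT rules into. Every interface name, address and the mail-server IP below is an assumed placeholder. It shows the two pieces that have to exist together for a LAN host to egress through the tunnel: a filter rule with route-to pointing at the tunnel gateway, and an outbound NAT rule on the tunnel interface.

```pf
# Added example in FreeBSD pf syntax (what pfSense compiles GUI rules into).
# All names and addresses are assumptions; none come from the original post.
ext_if   = "vtnet0"        # WAN
lan_if   = "vtnet1"        # LAN
vpn_if   = "ovpnc1"        # OpenVPN client instance, once assigned as an interface
vpn_gw   = "10.8.0.1"      # remote end of the tunnel, used as the policy gateway
mail_srv = "192.168.1.25"  # the host on LAN that must egress via the VPN

# Translation rules precede filter rules in pf.conf.
# Default outbound NAT on WAN for everything else (what pfSense's automatic
# outbound NAT mode does on its own).
nat on $ext_if inet from !($ext_if) to any -> ($ext_if)
# Outbound NAT on the tunnel: without this the mail server's packets leave the
# tunnel with a LAN source address, and the VPN provider has no route back.
nat on $vpn_if inet from $mail_srv to any -> ($vpn_if)

# Policy route: match the mail server's traffic as it enters LAN and hand it to
# the tunnel gateway instead of the default route. "quick" stops evaluation so
# the broader LAN allow rule below cannot override it.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet from $mail_srv to any keep state

# Everything else on LAN follows the system default route (WAN).
pass in on $lan_if inet from $lan_if:network to any keep state
```

      In pfSense GUI terms the route-to line is a LAN firewall rule with the Gateway field set to the OpenVPN gateway, placed above the default LAN rule; the tunnel NAT line is a hybrid or manual outbound NAT mapping on the OpenVPN interface. The generated rules can be inspected from the pfSense shell with pfctl -sr (filter) and pfctl -sn (NAT), and a hand-written file like this one can be syntax-checked without loading it using pfctl -n -f file.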
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.