Netgate Discussion Forum
    Route Internet-traffic through OpenVPN Server

      WokoSchan

      Hi there,

      I'm trying to set up my OpenServer on pfSense. I can connect to my pfSense OpenVPN server, and I can also browse the pfSense web interface via its local address (192.168.178.1).
      But it doesn't route the client's Internet traffic through the VPN - even through its "original" gateway.

      Client config:

      
      dev tun
      persist-tun
      persist-key
      cipher AES-128-CBC
      auth SHA1
      tls-client
      client
      resolv-retry infinite
      remote secret.adress 9090 udp
      lport 0
      auth-user-pass
      ca gateway-udp-9090-ca.crt
      redirect-gateway def1
      ns-cert-type server
      comp-lzo adaptive
      verb 4
      
      

      Server config:
      http://fs5.directupload.net/images/160309/wntv7evo.jpg (or Attachment)
      data.png

        viragomann

        Check "Redirect Gateway" in server config.

          WokoSchan

          @viragomann:

          Check "Redirect Gateway" in server config.

          That didn't do the trick.

          Already set an any/any rule in OpenVPN.

          Since I'm behind a cable modem, I had to NAT my OpenVPN server's port (9090 in this case).

          Do I also have to set NAT-Outbound rules? I set them to "manual" because I also use some OpenVPN clients on my pfSense.

            viragomann

            Yes, for Internet traffic you need also to add an outbound NAT rule like this:

            WAN      <vpntunnelnetwork>      *         *         *         WAN address        *        NO
            
              WokoSchan

              Added rule. Still no Internet through VPN.

                viragomann

                Okay, you say you have also a vpn client installed. Have you assigned particular interfaces to each, client and server? This will be necessary in this case.

                Afterwards you have to add firewall rules to each interface to permit the traffic you need.

                  daniev

                  I had a similar issue and the problem seems to be solved by running the OpenVPN GUI as an Administrator (Windows 10). Find the OpenVPN GUI file, right click to select properties, then under advanced check Run as Administrator.

                    WokoSchan

                    @viragomann:

                    Okay, you say you have also a vpn client installed. Have you assigned particular interfaces to each, client and server? This will be necessary in this case.

                    Afterwards you have to add firewall rules to each interface to permit the traffic you need.

                    Yes. Every OpenVPN client has its own interface. I have not done that for the server, but now I created it.
                    But still no Internet traffic through vpn. Although I already set firewall rules for "OpenVPN" and "VPNSERVER", any * any *

                    NAT options

                    
                    WAN	 	127.0.0.0/8	*	*	500	WAN address	*	YES
                    WAN	 	127.0.0.0/8	*	*	*	WAN address	*	NO
                    WAN	 	192.168.178.0/24	*	*	500	WAN address	*	YES
                    WAN	 	192.168.178.0/24	*	*	*	WAN address	*	NO
                    WAN	 	10.0.8.0/24	*	*	*	WAN address	*	NO
                    
                    
                    • the WAN rules are duplicated for every one of my vpn-client interfaces
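
The outbound NAT requirement discussed in this thread, as an added example (not code from any poster or from pfSense): with Outbound NAT set to manual, a source network only reaches the Internet if a WAN rule translates its general traffic. The sketch parses the rows as posted above and reports which networks are covered; treating 10.0.8.0/24 as the OpenVPN tunnel network is an assumption, and 10.0.9.0/24 is a hypothetical second tunnel used only for contrast.

```python
import ipaddress

# Outbound NAT rows as posted in the thread, re-typed with single tab separators.
# Columns: interface, source, source port, destination, destination port,
# NAT address, NAT port, static port.
POSTED_RULES = (
    "WAN\t127.0.0.0/8\t*\t*\t500\tWAN address\t*\tYES\n"
    "WAN\t127.0.0.0/8\t*\t*\t*\tWAN address\t*\tNO\n"
    "WAN\t192.168.178.0/24\t*\t*\t500\tWAN address\t*\tYES\n"
    "WAN\t192.168.178.0/24\t*\t*\t*\tWAN address\t*\tNO\n"
    "WAN\t10.0.8.0/24\t*\t*\t*\tWAN address\t*\tNO\n"
)

FIELDS = ("iface", "src", "sport", "dst", "dport", "nat_addr", "nat_port", "static")


def parse_rules(text):
    """Turn tab-separated table rows into dicts; blank or malformed rows are skipped."""
    rules = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("\t") if c.strip()]
        if len(cols) == len(FIELDS):
            rules.append(dict(zip(FIELDS, cols)))
    return rules


def covering_rule(rules, network, iface="WAN"):
    """Return the first rule on iface that translates all traffic from network."""
    net = ipaddress.ip_network(network)
    for rule in rules:
        if rule["iface"] != iface:
            continue
        if rule["src"] != "*" and not net.subnet_of(ipaddress.ip_network(rule["src"])):
            continue
        # Rules pinned to one port (the port-500 static-port rows) do not
        # carry general Internet traffic, so they do not count as coverage.
        if (rule["sport"], rule["dst"], rule["dport"]) != ("*", "*", "*"):
            continue
        return rule
    return None


def audit(rules, networks, iface="WAN"):
    """Map each source network to True if some rule on iface covers it."""
    return {n: covering_rule(rules, n, iface) is not None for n in networks}


if __name__ == "__main__":
    nets = ["192.168.178.0/24", "10.0.8.0/24", "10.0.9.0/24"]
    for net, ok in audit(parse_rules(POSTED_RULES), nets).items():
        print(f"{net:20} {'covered' if ok else 'NO outbound NAT rule'}")
```
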
                      WokoSchan

                      Well, I maybe know what the issue is:

                      My OpenVPN clients on pfSense are used for a service like hidemyass. I use multiple connections for different clients.
                      They always try to set a new route directly on my pfSense.

                      ERROR: FreeBSD route add command failed: external program exited with error status: 1

                      As soon as I start one of my OpenVPN clients, the internet-passthrough for my clients won't work.
                      Maybe because my pfSense public IP address is not my ISP's address, it's one of my hidemyass IPs.

                      I'll try to check "Don't pull routes" on my pfsense OpenVPN client configs.

                        WokoSchan

                        Yes! Checked "Don't pull routes" and now it works!

                        Now I want to change the gateway for specific vpn-connected-clients:

                        On LAN:

                        IPv4 *	VPNSERVER net	*	*	*	VPN_PP_AMSTERDAM_VPNV4	none	
                        

                        won't work.
