Need help configuring firewall rules for OpenVPN

  • I'm brand new to pfSense, so any assistance will be appreciated.

    I'm trying to configure a pfSense 2.2.6 installation to direct all web traffic through a OpenVPN connection - StrongVPN in this case.  I have successfully setup the connection to StrongVPN (their techs confirmed that they can see the connection to their server), but I can't get any traffic to go through the VPN.  I've read numerous how-to guides on this site, and others, but still haven't got it working.

    It seems like all of the guides I've found were written for older versions of pfSense.  I'm guessing there is something small that is keeping it from working.  It seems like this should be fairly easy, since I want everything to go out over the VPN, but so far it has me stumped.

    Does anyone have any suggestions on how to get it working on 2.2.6.  What might have changed since the guide in the sticky ( was written?


  • I've narrowed down where I think the problem is.  I can browse the web (outside my VPN) as long as the traffic is going out of the WAN gateway.  As soon as I change the gateway to the VPN, everything stops.  All traffic is blocked.  I've tried getting to various websites by IP number instead of name to bypass the need for DNS lookup without success.

    I'm seeing when I change the VPN gateway to be the default or change the gateway on the pass any firewall rule on the LAN tab to the VPN gateway.

    Any ideas on where I should look next?

  • Do you have an outbound NAT rule in place for the vpn interface?

  • I think so.  I changed the Outbound NAT from Automatic to Advanced Outbound NAT (AON) and created new rules based off the four default rules created by pfSense, just changing the interface.  I now have the four rules created by pfSense and the four new rules for the VPN interface.  For the interface, I had the option to use OpenVPN or StrongVPN (the name I gave my VPN interface).  I used StrongVPN for the new NAT rules.

    I attached a screenshot of the NAT rules I have in place.