Netgate Discussion Forum

    Need help configuring firewall rules for OpenVPN

    • R
      reisender

      I'm brand new to pfSense, so any assistance will be appreciated.

      I'm trying to configure a pfSense 2.2.6 installation to direct all web traffic through an OpenVPN connection - StrongVPN in this case.  I have successfully set up the connection to StrongVPN (their techs confirmed that they can see the connection to their server), but I can't get any traffic to go through the VPN.  I've read numerous how-to guides on this site, and others, but still haven't got it working.

      It seems like all of the guides I've found were written for older versions of pfSense.  I'm guessing there is something small that is keeping it from working.  It seems like this should be fairly easy, since I want everything to go out over the VPN, but so far it has me stumped.

      Does anyone have any suggestions on how to get it working on 2.2.6?  What might have changed since the guide in the sticky (https://forum.pfsense.org/index.php?topic=29944.0) was written?

      Thanks.

      • R
        reisender

        I've narrowed down where I think the problem is.  I can browse the web (outside my VPN) as long as the traffic is going out of the WAN gateway.  As soon as I change the gateway to the VPN, everything stops.  All traffic is blocked.  I've tried getting to various websites by IP number instead of name to bypass the need for DNS lookup without success.

        I'm seeing this when I change the VPN gateway to be the default or change the gateway on the pass any firewall rule on the LAN tab to the VPN gateway.

        Any ideas on where I should look next?

        • V
          viragomann

          Do you have an outbound NAT rule in place for the vpn interface?

          • R
            reisender

            I think so.  I changed the Outbound NAT from Automatic to Advanced Outbound NAT (AON) and created new rules based off the four default rules created by pfSense, just changing the interface.  I now have the four rules created by pfSense and the four new rules for the VPN interface.  For the interface, I had the option to use OpenVPN or StrongVPN (the name I gave my VPN interface).  I used StrongVPN for the new NAT rules.

            I attached a screenshot of the NAT rules I have in place.

            AON.jpg

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.