Route from VPN Server to VPN Client connection?
-
Hello,
On my pfSense box I have
- a regular "internet" gateway (cable provider)
- a VPN client that connects to Mullvad VPN Privacy Provider (10.0.8.0 - but dynamic)
- (& some rules that route out certain machines over Mullvad)
- a VPN Server (192.168.10.0) to access my internal Network (192.168.1.0)
Now I would like to establish a redirect gateway for the "RoadWarrior" (I think that's what it's called?) VPN server, to give connections to my VPN server internet access, BUT through the Mullvad VPN connection.
I tried several combinations of NAT / FW rules, without luck so far. Can somebody point me to an explanation of how this could be done, or outline the steps in terms of routing and NAT? Do I push a redirect gateway to the clients? If yes, how do I push a redirect gateway that is a VPN client?
-
-
If you want to push the default route to the vpn clients, check "Redirect gateway" in the server settings.
-
If you haven't already done so, assign an interface to your VPN client's port and to the VPN server's port, and define your rules on these interfaces.
-
In addition to the rule which allows LAN access, add a rule to the OpenVPN server interface tab to allow any destination, go down to gateway and select the ovpncX gateway of your VPN client.
-
Add an outbound NAT rule for interface = vpn client interface, source = your ovpn tunnel network and translation = interface address.
-
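The steps in the answer above, written out as the approximate pf rules they correspond to. This is an added example, not part of the thread and not output from the poster's firewall; the interface names `ovpns1`/`ovpnc1`, the /24 masks and the tunnel gateway `10.0.8.1` are assumptions.

```conf
# Constructed sketch in pf syntax (pfSense builds its own ruleset from the GUI).
# Assumed: ovpns1 = OpenVPN server interface, ovpnc1 = Mullvad client interface,
#          /24 masks, 10.0.8.1 = Mullvad tunnel gateway (dynamic in practice).

# "Redirect gateway" in the server settings is the OpenVPN directive:
#   push "redirect-gateway def1"

# Outbound NAT on the VPN client interface: source = OpenVPN tunnel network,
# translation = interface address.
nat on ovpnc1 inet from 192.168.10.0/24 to any -> (ovpnc1)

# Rules on the OpenVPN server interface, evaluated top down, first match wins.
# Existing rule: LAN access follows the normal routing table.
pass in quick on ovpns1 inet from 192.168.10.0/24 to 192.168.1.0/24 keep state
# Added rule: any other destination is policy-routed via the VPN client gateway.
pass in quick on ovpns1 route-to (ovpnc1 10.0.8.1) inet from 192.168.10.0/24 to any keep state
```

On the firewall, `pfctl -sn` and `pfctl -sr` list the loaded NAT and filter rules for comparison.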
-
Excellent, thanks a lot. I was missing the last step. One further question: The OpenVPN package creates an OpenVPN interface within pfSense, which can be accessed i.e. in the FW Rules section, but doesn't show up in the Interface section. What is the logic behind that, and is it necessary to explicitly create another interface assigned to the OpenVPN server?
-
All VPN instances are handled as an interface group on the OpenVPN rule tab by pfSense. Whether it is necessary to create particular interfaces for each VPN instance depends on the respective setup.
In your case, assigning an interface to the server is not mandatory, but it's cleaner to put the rules on it than on the ovpn interface group.
For your client, a particular interface is needed for routing.
-
OK, now I understand. Thanks again for this explanation!