My goal is to have my internal network traffic go out to the internet through a VPN tunnel.
I checked all previous questions, but none of them had the same problem I am facing, and none of the solutions worked for me. The closest one was "pfSense 2.1 OpenVPN client not using tunnelled interface", but the solution didn't work in my case.
My home network topology is as follows:
-----------------
| Local network |
-----------------
\ \
10.236.1.0/24 (Wireless)
/ /
---------------
| 10.236.1.1 |
| WiFi mesh |
| 192.168.1.1 |
---------------
\ \
192.168.1.0/30 (RJ45)
/ /
---------------
| 192.168.1.2 |
| pfSense |
| 172.16.66.5 |
---------------
\ \
172.16.66.0/24 (Wireless)
/ /
-----------------
| 172.16.66.1 |
| Building WiFi |
-----------------
My pfSense has pfBlockerNG (DNSBL) with virtual IP address 10.10.10.1/32.
The OpenVPN client was configured correctly; the status in 'Status / OpenVPN' is up, and in the OpenVPN CloudConnexa panel I also have one active network/connector.
Now my problem is that currently all my local network traffic goes through the WAN interface. I want to send packets with a destination IP address that is in a firewall alias group through the VPN tunnel.
At System / Routing / Gateways the active interfaces are:
Name | Default | Interface | Gateway | Monitor IP
------------------|----------------|-------------|-------------|------------
WAN_DHCP | Default (IPv4) | WAN | 172.16.66.1 | 172.16.66.1
OPENVPN_WAN_VPNV4 | | OPENVPN_WAN | dynamic |
At Interfaces / Interface Assignments:
Interface | Network port
------------|------------------------
WAN | iwm0_wlan0
LAN | vmx0
OpenVPN_WAN | ovpnc1 (OpenVPN_Client)
At Firewall / NAT / Outbound the automatic rules are:
Interface | Source                                   | Src Port | Dst | Dst Port | NAT Address | NAT Port
----------|------------------------------------------|----------|-----|----------|-------------|---------
WAN       | 10.10.10.1/32 127.0.0.0/8 192.168.1.0/30 | *        | *   | 500      | WAN address | *
WAN       | 10.10.10.1/32 127.0.0.0/8 192.168.1.0/30 | *        | *   | *        | WAN address | *
Is the only thing that I am missing to set Firewall / NAT / Outbound to manual and write the correct rules? If so, what should they be?