My goal is to have my internal network traffic go out to the internet through a VPN tunnel.

I checked all previous questions but none of them had the same problem as I am facing, and none of the solutions worked for me. The closest one was "pfSense 2.1 OpenVPN client not using tunnelled interface", but the solution didn't work in my case.

My home network topology is as follows:

-----------------
| Local network |
-----------------
       \ \
       10.236.1.0/24 (Wireless)
       / /
---------------
| 10.236.1.1  |
|  WiFi mesh  |
| 192.168.1.1 |
---------------
       \ \
       192.168.1.0/30 (RJ45)
       / /
---------------
| 192.168.1.2 |
|   pfSense   |
| 172.16.66.5 |
---------------
       \ \
       172.16.66.0/24 (Wireless)
       / /
-----------------
|  172.16.66.1  |
| Building WiFi |
-----------------

My pfSense has pfBlockerNG (DNSBL) with virtual IP address 10.10.10.1/32.

The OpenVPN client was configured correctly: the status in 'Status / OpenVPN' is up, and in the OpenVPN CloudConnexa panel I also have one active network/connector.

Now my problem is that currently all my local network traffic goes through the WAN interface; I want to send packets whose destination IP address is in a firewall alias group through the VPN tunnel.

At System / Routing / Gateways the active interfaces are:

Name              | Default        | Interface   | Gateway     | Monitor IP
------------------|----------------|-------------|-------------|------------
WAN_DHCP          | Default (IPv4) | WAN         | 172.16.66.1 | 172.16.66.1
OPENVPN_WAN_VPNV4 |                | OPENVPN_WAN | dynamic     |

At Interfaces / Interface Assignments:

Interface   | Network port
------------|------------------------
WAN         | iwm0_wlan0
LAN         | vmx0
OpenVPN_WAN | ovpnc1 (OpenVPN_Client)

At Firewall / NAT / Outbound the automatic rules are:

Interface | Source                                   | Src Port | Dst | Dst Port | NAT Address | NAT Port
----------|------------------------------------------|----------|-----|----------|-------------|---------
WAN       | 10.10.10.1/32 127.0.0.0/8 192.168.1.0/30 | *        | *   | 500      | WAN address | *
WAN       | 10.10.10.1/32 127.0.0.0/8 192.168.1.0/30 | *        | *   | *        | WAN address | *

Is the only thing I am missing to set Firewall / NAT / Outbound to manual and write the correct rules? If so, what should they be?

1 Answer

Now my problem is that currently all my local network traffic goes through the WAN interface, I want to send packets with a destination IP address that is in a firewall alias group through the VPN tunnel.

That's primarily routing configuration. Create a static route that uses "OPENVPN_WAN_VPNV4" as the gateway. (I'm not sure whether pfSense will allow that, due to the gateway entry itself being created dynamically, but either way that's the general idea.) Though it might be much better to configure the OpenVPN server to push the appropriate routes to clients.

Outbound NAT (SNAT) does not decide where packets are sent – it only applies address translation according to where packets have already been decided to be sent.

  • When I set a static route at System / Routing / Static Routes with gateway OPENVPN_WAN_VPNV4 - 100.96.1.17 (interface OPENVPN_WAN), I cannot send traffic to that IP range: ping returns Destination Net Unreachable and the browser returns ERR_CONNECTION_REFUSED. Commented Jun 21, 2023 at 23:16
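To make the answer's distinction between routing and translation concrete, here is an added illustration in pf syntax (not from the question, the answer, or pfSense itself). It assumes the form of rules pfSense generates from a LAN firewall rule with a gateway set and from a manual outbound NAT rule on the tunnel interface; the destination table `<vpn_dests>` and its 203.0.113.0/24 entry are constructed, the LAN-side source 192.168.1.0/30 is taken from the automatic NAT table above, and ovpnc1 / 100.96.1.17 are the tunnel interface and gateway named on the page.

```pf
# Constructed stand-in for the firewall alias of destinations that
# should leave through the tunnel (documentation range, not real).
table <vpn_dests> { 203.0.113.0/24 }

# 1) Translation only rewrites the source address of packets that are
#    ALREADY leaving via ovpnc1. On its own it sends nothing there.
#    Equivalent to a manual Firewall / NAT / Outbound rule on OPENVPN_WAN;
#    needed so replies come back through the tunnel instead of being dropped.
nat on ovpnc1 inet from 192.168.1.0/30 to <vpn_dests> -> (ovpnc1)

# 2) The filter rule with route-to is what decides the exit path.
#    This is what a LAN rule with Gateway = OPENVPN_WAN_VPNV4 becomes
#    (assumed form); it bypasses the default route to 172.16.66.1.
pass in quick on vmx0 route-to ( ovpnc1 100.96.1.17 ) inet \
    from 192.168.1.0/30 to <vpn_dests> keep state

# Everything else keeps using the default gateway on WAN.
pass in quick on vmx0 inet from 192.168.1.0/30 to any keep state
```

Without rule 2 the NAT rule in 1 never matches, because no packet for `<vpn_dests>` is routed to ovpnc1 in the first place; without rule 1, packets go into the tunnel with an untranslated 192.168.1.x source and the VPN side has no return route for them.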
