Hello,
OpenVPN states --pull-filter ignore redirect-gateway is the preferred way to override server pushes to redirect traffic to gateway. Does the new Opnsense Instances handle this method? I'm using --route-nopull for now. I dont see anything like it in the Client Specific Overrides section either.
https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway (https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway)
Thanks.
That's applied on the client side to override what the server is pushing. Just edit the client config.
Is there a place in the new Instances to do this??
It doesn't seem obvious to me if so.
OPNsense is the server. Why would you configure a client side setting there? This goes into the config file for the client.
If you are using OPNsense as a client you did not say so and the most common scenario for OpenVPN is OPNsense as server and users with PCs, Macs, ... as clients.
I'm using it as a client.
Ah ... sorry then. Ignore my remarks, please.
I'm really interested on how to avoid all traffic through firewall. My students only needs the VPN for acces to a VM in my school (subnet in 172.16/16). I don't want them to use the bandwidth for Youtube/Spotify and others usages.
Seems you're running a server?
So this is a different thing at all and you should open a new topic.
Quote from: hidef on September 20, 2024, 02:41:45 AMHello,
OpenVPN states --pull-filter ignore redirect-gateway is the preferred way to override server pushes to redirect traffic to gateway. Does the new Opnsense Instances handle this method? I'm using --route-nopull for now. I dont see anything like it in the Client Specific Overrides section either.
https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway (https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway)
Thanks.
Hello,
I'm also interested in some kind of override option to add "pull-filter ignore redirect-gateway"
Quote from: Patrick M. Hausen on September 20, 2024, 07:24:22 PMOPNsense is the server. Why would you configure a client side setting there? This goes into the config file for the client.
If you are using OPNsense as a client you did not say so and the most common scenario for OpenVPN is OPNsense as server and users with PCs, Macs, ... as clients.
I too would like some way to use "pull-filter ignore redirect-gateway" if it's possible.
Patrick, I have opted to use OpenVPN client instances with my setup where I simultaneously connect to both my provider's UDP and TCP servers in a failover group. The significant benefit of OpenVPN clients are their ability to hold a large list of server addresses in the client config and connect to them at random using the 'remote-random' option. I run all my WAN traffic through the VPN failover group 24/7 and this allows me to use Home Assistant automation to force either client to reconnect when latency or packet loss gets high during peak times. Some servers are usually less crowded than others. I find this works really well. WireGuard, to my knowledge, can't do this?