OPNsense Forum

English Forums => General Discussion => Topic started by: MatFuz on March 31, 2017, 11:02:50 am

Title: IP cloaking for OpenVPN and/or IPsec
Post by: MatFuz on March 31, 2017, 11:02:50 am
Hi all,
I've had a look, but can't seem to find specifically the answer in the other discussions, so I'm sorry if this has been covered before...

I need a VPN tunnel to keep my home IP when travelling in order to access Netflix etc, so I guess I simply need to know what variations are required from the standard documented OpenVPN and IPsec setups are required to ensure all internet traffic passes through the VPN interface through to the remote client.

Thanks for any help!
Title: Re: IP cloaking for OpenVPN and/or IPsec
Post by: bartjsmit on March 31, 2017, 12:12:21 pm
In the OpenVPN server configuration, enable 'Redirect Gateway' to ensure all client IPv4 traffic goes through the tunnel. For IPv6, add this to 'Advanced' to get the same result:

push "route-ipv6 2000::/3"

Bart...
Title: Re: IP cloaking for OpenVPN and/or IPsec
Post by: MatFuz on April 05, 2017, 07:16:18 pm
Hi Bart,
Thanks for the reply - I've tried this a couple of times with Redirect Gateway, and I get a connection and can still access my home network, but now cannot access the internet. Is this a DNS setting issue, or do I need additional firewall rules?

Thanks for any help.

Matt
Title: Re: IP cloaking for OpenVPN and/or IPsec
Post by: MatFuz on April 05, 2017, 07:18:05 pm
By the way, I am using the directions given in the SSL VPN road warrior set-up without OTP settings, and simply clicking the Redirect Gateway box.
Title: Re: IP cloaking for OpenVPN and/or IPsec
Post by: bartjsmit on April 05, 2017, 08:14:15 pm
To exclude DNS, do a traceroute to 8.8.8.8. What are your DNS settings in the OpenVPN server?

Bart...
Title: Re: IP cloaking for OpenVPN and/or IPsec
Post by: fabian on April 05, 2017, 10:10:26 pm
I would use "cat /etc/resolv.conf" on the host to find out, which DNS servers are used. I would prefer in general to use tcpdump / wireshark for debugging reasons to see what is going on.
Title: Re: IP cloaking for OpenVPN and/or IPsec
Post by: MatFuz on April 12, 2017, 02:30:09 pm
Hi All, just wanted to say thanks for everything, but I have solved the issue: it's the DNS settings. Specifically that Windows clients needed to be forced to refresh the DNS servers. Once that was checked the system works perfectly. Thanks for the help!