Messages - koAllen

#1
Quote from: omf on June 19, 2018, 05:31:48 AM
I just got this working using a fresh OPNsense install (18.1.6).  In the VPN client configuration, you definitely want to leave "Don't pull routes" unchecked and check "Don't add/remove routes".

I do have the DNS problem that some people mentioned, though.  Basically, from the machine I'm forcing to go through the VPN tunnel, I am able to ping addresses on the Internet, but DNS look-ups fail. 

Using Wireshark, I see the DNS requests go out from the client to OPNsense, but I never see a reply.

In the OPNsense log, I see the DNS request come in from the client, and then a DNS reply seems to come from the OpenVPN client IP assigned to the interface.

If I manually configure my client machine to use another DNS server (e.g. 8.8.8.8), then everything works.

I'm using the default DNS server - "Unbound DNS" - so the next thing I'll be trying is to use Dnsmasq instead.

The changes you mentioned for the OpenVPN client config got it working (I'm running 20.7), though I haven't figured out why. Thanks a ton!

For the DNS problem you are facing, it might be because you have your DNS configured as your router and if you only have 2 rules (one to route via VPN, one to block), you won't be able to reach your router. I have to add yet another rule on top to pass traffic to "LAN net" with the default gateway setting.