Route (all) traffic through VPN not working

Started by pep, April 14, 2025, 05:45:22 PM


Hello,

I've been using opnsense for a while and I'm pretty happy with it; there is just this little detail I can't get to work as intended with the VPN.
I have some understanding of networking and (somewhat less, I'd say) of firewalling/routing.

Here is my network architecture:
Image (I can't get the image inserted in the post!? :-P)
I have internet access through a modem that is connected to LAN1 (192.168.1.0/24).
On LAN1, I have opnsense connected with its "WAN" interface (IP 192.168.1.100), and it acts as a router to LAN2 (10.10.1.0/24); the opnsense interface for LAN2 is "LAN" (IP 10.10.1.1).
On LAN2, I have a hypervisor running several VMs (one of them being opnsense).

I've set up an OpenVPN server so external devices can access LAN2 (like a phone with a 4G connection).


Issue:
This works well, but the external devices don't route their internet traffic through the VPN and use the local internet access instead.
This is not the expected behavior (and unwanted on untrusted networks).

I've searched the forum/internet and tried some options (like "redirect gateway" and "push options" in the OpenVPN server configuration), but with no results.
I've been rechecking the OpenVPN configuration and I think it might hang at the firewall rules (because in the Android app, when I check the option "use default route", I don't get internet anymore)?

So the OpenVPN server is configured as follows:
General:
  • Role: server
  • Protocol: UDP (IPv4)
  • Port number 1194
  • Type: TUN
  • Server: 10.10.2.0/24
  • Topology: subnet
Routing:
  • Local network: 10.10.1.0/24
Miscellaneous:
  • Push: block-outside-dns, register-dns
  • Redirect gateway: default
  • DNS servers: 10.10.1.1


On the firewall:
LAN:
  • Protocol: IPv4
  • Source: LAN net
  • Port: *
  • Destination: *
  • Port: *
  • Gateway: *
  • Schedule: *
WAN:
  • Protocol: IPv4 UDP
  • Source: LAN net
  • Port: *
  • Destination: WAN address
  • Port: 1194
  • Gateway: *
  • Schedule: *
OpenVPN
  • Protocol: IPv4 *
  • Source: OpenVPN net
  • Port: *
  • Destination: *
  • Port: *
  • Gateway: *
  • Schedule: *


I was hoping someone here could help me understand why it does not behave as I want. I'm probably missing something but can't identify what exactly.
I'm probably doing something wrong in the configuration...

Thanks!
I found a solution: adding an outbound NAT rule in the firewall, using the VPN interface as source and any as destination.

As I said, I'm not very familiar with NATing and routing and I would have expected a routing rule... So I'll have to dig a bit more to understand the difference between a NAT and a routing rule. :-)
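To show why the fix above is a NAT rule rather than a route, here is an added example (not from the original post or from OPNsense itself) that models the forward and return path of a VPN client's internet packet through the topology described in the thread. It assumes the addresses given in the post (OPNsense WAN 192.168.1.100 behind the modem on 192.168.1.0/24, LAN2 10.10.1.0/24, tunnel 10.10.2.0/24) and a modem that only knows its own LAN and its ISP uplink; the route tables, the interface names and the `forward`/`demo` functions are constructed for illustration. The model starts after `redirect-gateway` has already sent the client's packet into the tunnel, which is the point where the poster's setup was breaking.

```python
import ipaddress

# Constructed topology, taken from the post's description.
# OPNsense routing table: (prefix, egress interface, next hop or None if directly connected)
OPNSENSE_ROUTES = [
    (ipaddress.ip_network("10.10.1.0/24"), "LAN", None),          # LAN2
    (ipaddress.ip_network("10.10.2.0/24"), "OpenVPN", None),      # tunnel net
    (ipaddress.ip_network("0.0.0.0/0"), "WAN", "192.168.1.1"),    # default via the modem
]
IF_ADDR = {"WAN": "192.168.1.100", "LAN": "10.10.1.1", "OpenVPN": "10.10.2.1"}

# The modem's view of the world (assumption): it knows 192.168.1.0/24 and sends everything
# else to the ISP. It has no route back to 10.10.2.0/24, and the ISP drops private addresses.
MODEM_ROUTES = [
    (ipaddress.ip_network("192.168.1.0/24"), "lan"),
    (ipaddress.ip_network("0.0.0.0/0"), "isp"),
]


def lookup(routes, dst):
    """Longest-prefix match; returns the whole route entry."""
    dst = ipaddress.ip_address(dst)
    best = None
    for entry in routes:
        net = entry[0]
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = entry
    return best


def apply_outbound_nat(nat_rules, egress_if, src):
    """Outbound NAT: rewrite the source to the egress interface address if a rule matches.
    nat_rules is a list of (interface, source network), like OPNsense's Firewall > NAT > Outbound."""
    for rule_if, rule_src in nat_rules:
        if rule_if == egress_if and ipaddress.ip_address(src) in rule_src:
            return IF_ADDR[egress_if]
    return src


def forward(nat_rules, src, dst):
    """Forward one packet that arrived on the tunnel.
    Returns (egress interface, source address seen on the wire, whether the reply gets back)."""
    _, egress_if, _ = lookup(OPNSENSE_ROUTES, dst)
    wire_src = apply_outbound_nat(nat_rules, egress_if, src)
    if egress_if != "WAN":
        # LAN2 hosts use OPNsense as their default gateway (it is the router for LAN2 in the post),
        # so their replies to the tunnel net come straight back through it: routing alone is enough.
        return egress_if, wire_src, True
    # Internet traffic: the reply is addressed to wire_src and the modem decides where it goes.
    _, modem_hop = lookup(MODEM_ROUTES, wire_src)
    reply_delivered = modem_hop == "lan"
    return egress_if, wire_src, reply_delivered


NO_NAT = []
# The rule the poster added: source = VPN tunnel net, destination any, on the WAN interface.
WITH_NAT = [("WAN", ipaddress.ip_network("10.10.2.0/24"))]


def demo():
    """Same VPN client, three cases: internet without NAT, internet with NAT, and LAN2 access."""
    vpn_client = "10.10.2.5"  # constructed client address inside the tunnel net
    return {
        "without_nat": forward(NO_NAT, vpn_client, "8.8.8.8"),
        "with_nat": forward(WITH_NAT, vpn_client, "8.8.8.8"),
        "to_lan2": forward(NO_NAT, vpn_client, "10.10.1.50"),
    }


if __name__ == "__main__":
    for case, (egress, wire_src, ok) in demo().items():
        print(f"{case:12s} egress={egress:8s} src_on_wire={wire_src:15s} reply_returns={ok}")
```

The LAN2 case works without NAT because every host that has to answer already has a route back to 10.10.2.0/24 through OPNsense. The internet case fails without NAT for a different reason: the packet is routed out fine, but the reply is addressed to 10.10.2.5, and nothing upstream of OPNsense (the modem, the ISP) knows that prefix. The outbound NAT rule does not change the route at all; it makes the reply addressed to 192.168.1.100, which the modem can deliver, and OPNsense then translates it back to the tunnel client. That is the difference the poster was looking for between a routing rule and a NAT rule.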