Route OpenVPN Server Traffic Out of Different Gateway

[leacho73]

Hi All,

Is it possible to route OpenVPN traffic out of a different gateway other than the default one that is created when a connection is made? - etc 192.168.0.1 as the GW when connecting on a 192.168.0.x address?

I have tried assigning the OpenVPN interface and giving it an IP, but I can see how that wouldn't work with multiple servers, as you get ovpn1, 2 etc etc.

I'm trying to get NetFlow data out of OpenVPN connections, which I know isn't natively supported so I'm trying to send it through another collector, which requires routing it outside the OPNSense appliance.

Thanks
Leacho

[koushun]

I do not fully understand your question. But I think this is possible? Maybe this can get you started, these are from my notes from another project where I routed an entire subnet through a VPN connection:

Interfaces > Assignments. You will have multiple OpenVPN interface there??
Assign one interface which will be used as a gateway. After assignment, click the name of the interface (OPT5 or something similar).

• Enable Interface

Description: WAN_OpenVPN
Leave rest of the configuration as is. Click Save.

Apply the changes.

Go System > Gateways Click +Add gateway.

Name: GW_WAN_OpenVPN
Description: Access through WAN_OpenVPN?
Interface: WAN_OpenVPN

IP adress: xxx.xxx.xxx.xxx

Check far gateway.
Set rest to default.

Click Save, Apply.

Rules
Go to Rules.

Select the designated interface for your subnet / another OpenVPN server (??) which you would like to go out on internet through this WireGuard VPN.

Add Rule.

Allow any any IPv4, but be sure to select

Gateway: GW_WAN_OpenVPN as your gateway under Advanced settings.

Do not know if this helps, but good luck

[leacho73]

Ah this is perfect @koushun - I'll give it a go this weekend. I shall report back if this works as intended!

Thanks
Leacho