HOWTO - Routing Traffic over Private VPN

[ligand]

Hi Everyone,
Wanted to share a configuration option to help with port forwarding.  My setup:

Interfaces
WAN
VyprVPN
LAN

Thanks to this thread I was able to get Transmission to route out of the VPN interface instead of the WAN interface.  However, Transmission reported that my peer listening port was closed.  I setup port forwarding on the VyprVPN interface to forward inbound traffic to my Transmission host but it didn't work.  After doing a bunch of  tcpdumps, I found that inbound traffic entered the VyprVPN interface but left using the WAN interface. 

I also have an OpenVPN server setup and found a rule in the OpenVPN server rule in that ruleset was affecting my Transmission traffic.   The rule is the one that allows for all traffic to enter OpenVPN (see attachment).  If I disabled the rule then all traffic to and from Transmission went over the VPN.  If the rule was enabled, then I experienced asymmetric routing.  I found that if I unchecked "apply rule immediately" then my routing worked as expected.  :-). Hope this helps.

[immto]

Hello everyone and thanks to you all and especially M4DM4NZ for getting this thread going years ago.  That said I do have a couple issues I'm still ironing out and I'm trying to really understand this.  The original How To said to create a rule for port 500.  Was that a thing back in 2018 because I can't see any reason why I would need this rule.  Any thought on that? 

Also Thank you

Hello,

i hope someone can explain me the implications / correct settings of the openvpn client configuration Don't pull routes and Dont add/remove routes

Every VPN Provider seems to have different settings here.

NordVPN
Don't pull routes               -> Unchecked
Dont add/remove routes    -> Checked

AirVPN
Don't pull routes               -> Checked
Dont add/remove routes    -> Unchecked

PIA
Don't pull routes               -> Unchecked
Dont add/remove routes    -> Unchecked

Can someone please help here?
Thx!

That is what really helped me get this going.  Nowhere is it mentioned that these settings are so important, but they are.  The VPN providers don't even seem to mention them.   

[chenks]

hi, sorry to bump this thread, but i'm a new opnsense user and just looking to check if the instructions at the start of this thread (from 2017) will allow me to do what i'm trying to achieve.

i'm new to opnsense, but not new to basic network config and tinkering with config.

i've added my nordvpn account to opnsense as a vpn client (using https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-19-1-setup-with-NordVPN.htm although stopped at the unbound part), and it's showing as connected (albeit no traffic actually routing thru it just now).

i want to route either specific URLs or specific LAN clients thru the VPN (ie not ALL traffic), i believe this will probably be policy based routing?

example
i want to route all traffic from 192.168.50.10 thru the VPN
i want to route any device accessing www.blah.com thru the VPN

i also don't want any DNS leak