afdruiprek, 29th August 2017
I'm sorry I have not answered earlier.

Quote:
3. When an OpenVPN client connects to an OpenVPN server, it updates routing tables on the client system so that the appropriate traffic is routed through the VPN. When the OpenVPN client disconnects from an OpenVPN server, its routing tables should revert to normal.
Correct, and I'm using the tun0 interface, and the OpenVPN client is running on the OpenBSD router.
I found that you can change some routing in the vpn.conf file, but it didn't work:
Code:
# redirect all default traffic via the VPN
redirect-gateway def1
# redirect the Intranet network 192.168.1/24 via the VPN
route 192.168.1.0 255.255.255.0
# redirect another network to NOT go via the VPN
route 10.10.0.0 255.255.255.0 net_gateway
# redirect a host using a domainname to NOT go via the VPN
route www.google.ca 255.255.255.255 net_gateway
On my pfSense router I can choose LAN IP addresses to run outside the VPN,
but I can't figure out how, because it's a WebGUI and they scatter files around and use XML files.
That's also one of the reasons I don't want to use pfSense (it does work great), but I like simplicity.
This is what I got from the pf.rules in pfSense:
Code:
anchor "userrules/*" all
block return out quick on igb0 reply-to (igb0 xx.xxx.xx.xx ISP ip) inet all label "USER_RULE: Reject outbound traffic marked NO_WAN_EGRESS" tagged NO_WAN_EGRESS
pass in quick on igb1 inet from <NETFLIX> to <negate_networks> flags S/SA keep state label "NEGATE_ROUTE: Negate policy routing for destination"
pass in quick on igb1 route-to (igb0 xx.xxx.xx.xx ISP ip) inet from <NETFLIX> to any flags S/SA keep state label "USER_RULE: NETFLIX ON WAN not VPN"
pass in quick on igb1 inet from 192.168.1.0/24 to <negate_networks> flags S/SA keep state label "NEGATE_ROUTE: Negate policy routing for destination" tag NO_WAN_EGRESS
pass in quick on igb1 route-to (ovpnc1 10.128.0.1) inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to OVPN mark traffic as NO_WAN_EGR" tag NO_WAN_EGRESS
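One way to do on plain OpenBSD what the pfSense rules above do, as an added example that is neither the poster's nor pfSense's configuration: pf policy routing with route-to, which selects by source host, whereas the route/net_gateway lines in vpn.conf only add destination-based kernel routes and so cannot single out individual LAN hosts. It uses the parenthesised route-to syntax of the OpenBSD releases current when this was posted, and the interface names, the ISP next hop and the table members are assumptions; the 10.128.0.1 tunnel peer and the NO_WAN_EGRESS tag are taken from the pfSense rules.

```pf
# Added example, not from the post. Interfaces, ISP gateway and table
# members are placeholders; adjust to the real router before loading.
ext_if  = "em0"          # WAN, towards the ISP
int_if  = "em1"          # LAN side, 192.168.1.0/24
vpn_if  = "tun0"         # OpenVPN client tunnel
isp_gw  = "203.0.113.1"  # placeholder for the ISP next hop
vpn_gw  = "10.128.0.1"   # tunnel peer, as in the pfSense route-to rule
lan_net = "192.168.1.0/24"

# LAN hosts that must bypass the VPN (the role of the <NETFLIX> alias)
table <bypass_vpn> persist { 192.168.1.50, 192.168.1.51 }
# Destinations that are never policy-routed: local nets and the tunnel net
table <negate_networks> persist { 192.168.1.0/24, 10.128.0.0/24 }

set skip on lo

# NAT first: match rules must be seen before a quick pass ends evaluation.
match out on $ext_if inet from <bypass_vpn> nat-to ($ext_if)
match out on $vpn_if inet from $lan_net nat-to ($vpn_if)

block log all   # default deny; blocked packets show up on pflog0

# Local destinations use the normal routing table (pfSense NEGATE_ROUTE).
pass in quick on $int_if inet from $lan_net to <negate_networks>

# Selected hosts leave via the ISP gateway and are never tagged, so the
# kill-switch rule below does not apply to them.
pass in quick on $int_if route-to ($ext_if $isp_gw) \
    inet from <bypass_vpn> to any

# Everything else from the LAN is forced into the tunnel and tagged.
pass in quick on $int_if route-to ($vpn_if $vpn_gw) \
    inet from $lan_net to any tag NO_WAN_EGRESS

# Kill switch: if tun0 goes away, tagged traffic must not fall back to
# the WAN. This is the pfSense "Reject outbound traffic marked NO_WAN_EGRESS".
block return out quick on $ext_if tagged NO_WAN_EGRESS

pass out quick on { $ext_if, $vpn_if }

# Check before loading:  pfctl -nf /etc/pf.conf
# Then load and verify:  pfctl -f /etc/pf.conf && pfctl -s rules
```

With the policy routing done in pf, redirect-gateway in vpn.conf is no longer needed for the LAN hosts; it only affects the router's own traffic.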