I’m currently using a Pfsense router and a UniFi us-8 switch with a UniFi ap 6 lite. So I pay for nordvpn and I have a vlan subnet setup for my tv and IoT devices that is supposed to route all of its traffic through my OpenVPN client. I have my outgoing NAT from this ip going through the OpenVPN gateway. I then have a rule that allows any traffic from my vlan interface to any destination. I then blocked traffic from this VLAN to my regular lab network for security purposes. But my OpenVPN client always shows down and all of my traffic is just funneling through the vlan default gateway so it’s not masking my ip to the internet. I can drop some configs if needed but I just wanted to know what my problem here is? Is it the OpenVPN client being down? If so then how am I able to get it online? I believe I got the setup right but I may be wrong. Also if this is wrong then how come my traffic is going out the wan interface anyways? Thanks everyone!
Sounds like you haven’t set up your OpenVPN client correctly.
It’s gateway should be up if configured correctly, regardless of anything else.
By default the vlan traffic will exit your WAN by default which is happening, unless you change the gateway to your VPN gateway.
You overcome this by setting the kill switch, if your VPN is down all traffic is stopped.
Perhaps your VPN provider has a guide on setting up on pfsense.
Now that I think about it I may have set the OpenVPN to ipv4 tunnel and set it as my vlan network. So would this tunnel my OpenVPN back to the vlan so then that would show my public opinion? That’s the only thing I can think of that would be keeping the OpenVPN client down because I believe I configured it properly based on NordVPN’s instructions. They just show how to route all traffic through the VPN rather than one vlan interface.
I think you need to double check all the various settings / parameters in your OpenVPN client is correct for the VPN you are connecting too. I would guess that is you error.
If the above is correct your VPN gateway will show as up, before you do anything else.
If you solve the above then in your vlan rules your wan traffic will need to be set as exiting the VPN gateway you have just setup.
You also need to ensure when you export the crt from NordVPN it is with the setting you believe it has, it obviously might fail if say the ciphers don’t match when you configure the client.
I use AirVPN and they are pretty good on the crt export, easy to see what the parameters should be when configuring the openVPN client.
10-4 will give it another look, appreciate your help sir
I see you may have got your answer but if you are still looking for it you can read https://techlectual.com as they cover many technical questions.
I have pretty amazing experience with them.