Project

General

Profile

Actions

Feature #14105

open

Ability to set 'block-local' gateway flag in OpenVPN Server Config

Added by Jon Brown over 1 year ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default

Description

I am setting up my OpenVPN servers so when a client connects all their traffic (except VPN tunnel traffic) goes through the VPN. To this end i need to use the block-local gateway flag to stop all access to local subnets for the client while they are connected.

This should be employed for both IPv4 and IPv6.

I can do the following workarounds
  • on the server in custom options push "redirect-gateway def1 block-local"
  • on the client export (not tested) add the following to custom options redirect-gateway def1 block-local
  • edit the client .opvn file and alter the gateway line to be redirect-gateway def1 block-local

This is not ideal because you have to go view the file in /var/etc/openvpn/server1/config.opvn and find out what the gateway statement looks like, copy this text, add block-local to it and employ it in one of the 3 ways outlined above.

Can you add a check box to allow the use of block-local

As a followup (newbie alert) i did not know if you needed the ability too add any of the other gateway flags as you can only override a redirect-gateway command and not add to it.

pfsense CE v2.60

No data to display

Actions

Also available in: Atom PDF