Feature #14105

open

Ability to set 'block-local' gateway flag in OpenVPN Server Config

Added by Jon Brown about 1 year ago.

Status: New
Priority: Low
Assignee: -
Category: OpenVPN
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default

Description

I am setting up my OpenVPN servers so that when a client connects, all their traffic (except VPN tunnel traffic) goes through the VPN. To this end I need to use the block-local gateway flag to stop all access to local subnets for the client while they are connected.

This should be employed for both IPv4 and IPv6.

I can do the following workarounds:
  • on the server, in custom options: push "redirect-gateway def1 block-local"
  • on the client export (not tested), add the following to custom options: redirect-gateway def1 block-local
  • edit the client .opvn file and alter the gateway line to be: redirect-gateway def1 block-local

This is not ideal because you have to go view the file in /var/etc/openvpn/server1/config.opvn and find out what the gateway statement looks like, copy this text, add block-local to it and employ it in one of the 3 ways outlined above.

Can you add a check box to allow the use of block-local?

As a follow-up (newbie alert), I did not know if you needed the ability to add any of the other gateway flags, as you can only override a redirect-gateway command and not add to it.

pfSense CE v2.60
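The lookup-and-edit step described in the post above, as an added example (not part of the original post and not pfSense code): it reads the text of a generated server config, finds the existing redirect-gateway statement, and prints the custom-option line with block-local appended. The function names and the sample config are constructed for illustration, and merging flags from several directives is this example's own choice.

```python
import shlex

# Constructed sample; a real file would be the generated server config.
SAMPLE = '''\
dev ovpns1
proto udp4
# redirect-gateway def1 (old, commented out)
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 ipv6"
push "dhcp-option DNS 10.8.0.1"
'''

def find_redirect_gateway(config_text):
    """Return (lineno, pushed, flags) for each active redirect-gateway directive."""
    found = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(";"):          # ';' comment lines
            continue
        try:
            tokens = shlex.split(line, comments=True)   # also drops '#' comments
        except ValueError:                # unbalanced quotes, e.g. inline key material
            continue
        pushed = False
        if len(tokens) >= 2 and tokens[0] == "push":
            tokens, pushed = tokens[1].split(), True    # unwrap push "..."
        if tokens and tokens[0] == "redirect-gateway":
            found.append((lineno, pushed, tokens[1:]))
    return found

def custom_option(config_text, pushed=True):
    """Build the line to paste into custom options, or None if nothing to extend.

    pushed=True gives the server form (push "..."), False the client form.
    """
    hits = find_redirect_gateway(config_text)
    if not hits:
        return None                       # do not guess flags that are not in the file
    flags = []
    for _, _, directive_flags in hits:    # keep every flag already in use, in order
        for flag in directive_flags:
            if flag not in flags:
                flags.append(flag)
    if "block-local" not in flags:
        flags.append("block-local")
    statement = "redirect-gateway " + " ".join(flags)
    return f'push "{statement}"' if pushed else statement

if __name__ == "__main__":
    print(custom_option(SAMPLE, pushed=True))
    print(custom_option(SAMPLE, pushed=False))
```
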
