Last modified at 11/2/2013 11:45 AM by Koen Zomers

When you create a new OpenVPN service instance on a pfSense box, you can tick a checkbox so that all client traffic is routed via pfSense once a client is connected.

This option is also available when editing an existing OpenVPN service instance, so you can still switch it on or off later.

There's another way of doing this as well. You can apply the setting either server side (meaning it applies to all connected OpenVPN users) or client side (meaning, the client decides if all traffic should be routed towards OpenVPN).

Server side

You can do the server side approach by adding the following command to the Advanced configuration section:

push "redirect-gateway def1"

This will push this rule towards all clients that connect to this OpenVPN service instance and will change the default gateway on their machines to route all their IPv4 traffic towards your OpenVPN service instance.
If you have enabled IPv6 over your OpenVPN connection as well and want to route all IPv6 traffic through your pfSense server, add:

push "route-ipv6 ::/0"

The default gateway commands for IPv4 and IPv6 can be used at the same time if desired.

Client side
It is also possible not to have the server push this rule to each connected client, but to let each client decide whether to route all of its traffic via the OpenVPN service instance. In this case, do not add the server side push rule under Advanced configuration, but instead edit the client configuration file. Client configuration files are usually located in:

C:\Program Files (x86)\OpenVPN\config

In that folder you will find one or more .ovpn files. You can either edit the one you need in Notepad, or first copy an existing one and edit the copy in Notepad. The second approach leaves the client with two options: 1) route all traffic and 2) only route local network traffic. At the bottom of the file, add the following:

redirect-gateway def1

Save the file and close Notepad. You can now connect to your OpenVPN instance the way you're used to, and you'll notice that when you use the configuration file to which you added the above command, all traffic will flow towards your OpenVPN service.
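
To check which of the two approaches is in effect for a given setup, the following added example (not part of the original page, and not pfSense or OpenVPN code) reads the server's Advanced configuration text and a client .ovpn file and reports which address families are routed through the VPN. The function names, the sample configurations and the host name vpn.example.net are assumptions made for the illustration.

```python
import shlex

def directives(text):
    """Return each config line as a token list; '#' and ';' start comments."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            tokens = shlex.split(line, comments=True)
            if tokens:
                out.append(tokens)
    return out

def pushed(server_text):
    """Directives the server pushes: the quoted argument of each push line."""
    return [t[1].split() for t in directives(server_text)
            if t[0] == "push" and len(t) == 2 and t[1].split()]

def full_tunnel(server_text, client_text):
    """Which address families get their default route sent into the VPN.

    Only the two forms used on this page are recognised:
    'redirect-gateway def1' (IPv4) and 'route-ipv6 ::/0' (IPv6).
    """
    result = {"ipv4": False, "ipv6": False}
    for tok in directives(client_text) + pushed(server_text):
        if tok[0] == "redirect-gateway" and "def1" in tok[1:]:
            result["ipv4"] = True
        elif tok[0] == "route-ipv6" and tok[1:2] == ["::/0"]:
            result["ipv6"] = True
    return result

# Constructed sample inputs (not taken from a real deployment).
SERVER_ADVANCED = 'push "redirect-gateway def1"\npush "route-ipv6 ::/0"\n'
CLIENT_SPLIT = "client\ndev tun\nremote vpn.example.net 1194\n;redirect-gateway def1\n"
CLIENT_FULL = CLIENT_SPLIT.replace(";redirect-gateway", "redirect-gateway")

if __name__ == "__main__":
    for name, srv, cli in [("server push", SERVER_ADVANCED, CLIENT_SPLIT),
                           ("client opt-in", "", CLIENT_FULL),
                           ("neither", "", CLIENT_SPLIT)]:
        print(name, full_tunnel(srv, cli))
```

In the client opt-in case only IPv4 is reported as redirected, because the client file on this page adds just the IPv4 directive.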