Policy Routing Certain Traffic Through an OpenVPN Client Connection

Many people ask how to route certain traffic through OpenVPN connections provided by companies like Private Internet Access, AirVPN, StrongVPN, or VPNBook, to name a few.

The pfSense® firewall software contains all the tools necessary to accomplish this task. This writeup was developed using version 2.2.4 amd64.

This article assumes a working pfSense firewall on which only the VPN still needs to be configured. The reader will also need a text editor and the ability to copy and paste blocks of text from a text file into pfSense configuration screens. Familiarity with unzipping file archives is also necessary.

This network diagram depicts the test environment in use:

[Figure: pfSense XenServer Lab Diagram OpenVPN Client]

The following tasks will be outlined:

  1. Creating a connection to VPNBook.
  2. Creating an OpenVPN assigned interface.
  3. Creating a policy route to send all traffic from Host A1 through the VPN.
  4. Adding a per-packet pf tag and necessary firewall rules to prevent any traffic originating from Host A1 from egressing the WAN if the VPN connection is down.