From d838de261535140c5785694c325c5268a6b4fadf Mon Sep 17 00:00:00 2001 From: Thomas C <96428856+cektom@users.noreply.github.com> Date: Mon, 15 Apr 2024 13:10:55 +0200 Subject: [PATCH] Added note to create NAT outbound rule for redirect-gateway to work (#554) * Added note to create NAT outbound rule for redirect-gateway to work https://github.com/opnsense/core/issues/7318 * Added a brief info about redirect-gateway --------- Co-authored-by: Thomas Cekal --- source/manual/how-tos/sslvpn_instance_roadwarrior.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/source/manual/how-tos/sslvpn_instance_roadwarrior.rst b/source/manual/how-tos/sslvpn_instance_roadwarrior.rst index 5aca5992..55e5054b 100644 --- a/source/manual/how-tos/sslvpn_instance_roadwarrior.rst +++ b/source/manual/how-tos/sslvpn_instance_roadwarrior.rst @@ -146,6 +146,7 @@ TLS static key choose the prepared static key Authentication Local Database :sup:`2` Strict User/CN Matching [V] :sup:`3` Local Network 192.168.8.0/24 +Redirect gateway Leave empty :sup:`4` ======================= ======================================= .. admonition:: Note :sup:`1` @@ -163,6 +164,10 @@ Local Network 192.168.8.0/24 Selecting the "Strict User/CN Matching" option warrants only matching user/certificate can login, when sharing a single vertificate between clients this option needs to be deselected. +.. admonition:: Note :sup:`4` + + If you want all outgoing IP traffic to be redirected over the VPN, you can set the option to :code:`default`. + For this to work, a manual NAT outbound rule must be created. Next go to :menuselection:`Firewall --> Rules --> WAN` and add a rule to allow traffic on port :code:`1194/UDP` from the other host. At minimum we should add a rule similar to this one:
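Review bot: in the first hunk (the settings table, new row "Redirect gateway  Leave empty"), the row does not say what leaving the field empty results in, so the reader has to jump to Note 4 and infer it from the opposite case. With "Local Network 192.168.8.0/24" as the only network listed in the table, the row could state the outcome directly, for example "Leave empty (only the Local Network is routed over the VPN)", and keep the :sup:`4` reference for the full-tunnel variant. That makes the split-tunnel default of this how-to explicit at the point where the value is entered.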
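Review bot: in the second hunk (the new Note 4), the sentence "For this to work, a manual NAT outbound rule must be created." names a required step but not where it is configured or what the rule has to match, so a reader who sets the option to :code:`default` has nothing to follow and ends up with a tunnel that carries traffic nowhere. Suggest giving the menu location with :menuselection:, as the next paragraph does for the WAN firewall rule, stating the source network and interface the rule applies to, and linking the issue cited in the commit message (opnsense/core#7318) or the relevant NAT documentation page. The note also refers to "the option" without naming it; repeating the table label "Redirect gateway" would tie it to the new row.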