From 5d08fb412b4b7c972cb826516c21a6ffb618f6b8 Mon Sep 17 00:00:00 2001 From: Thomas Cekal Date: Mon, 15 Apr 2024 11:54:24 +0200 Subject: [PATCH] Added a brief info abount redirect-gateway --- source/manual/how-tos/sslvpn_instance_roadwarrior.rst | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/source/manual/how-tos/sslvpn_instance_roadwarrior.rst b/source/manual/how-tos/sslvpn_instance_roadwarrior.rst index 2182ee92..55e5054b 100644 --- a/source/manual/how-tos/sslvpn_instance_roadwarrior.rst +++ b/source/manual/how-tos/sslvpn_instance_roadwarrior.rst @@ -114,8 +114,6 @@ In order to setup a tunnel on both ends, we need to configure certificates to wa it is also possible to clients to share a certificate. When adding a certificate from the user manager the CN is automatically set to its name. In this example we will only authenticate using the certificate, no additional user or password will be required. -.. Note:: - In order for the redirect-gateway option to work, a manual NAT outbound rule must be created. ..................... Static keys @@ -148,6 +146,7 @@ TLS static key choose the prepared static key Authentication Local Database :sup:`2` Strict User/CN Matching [V] :sup:`3` Local Network 192.168.8.0/24 +Redirect gateway Leave empty :sup:`4` ======================= ======================================= .. admonition:: Note :sup:`1` 
@@ -165,6 +164,10 @@ Local Network 192.168.8.0/24 Selecting the "Strict User/CN Matching" option warrants only matching user/certificate can login, when sharing a single vertificate between clients this option needs to be deselected. +.. admonition:: Note :sup:`4` + + If you want all outgoing IP traffic to be redirected over the VPN, you can set the option to :code:`default`. + For this to work, a manual NAT outbound rule must be created. Next go to :menuselection:`Firewall --> Rules --> WAN` and add a rule to allow traffic on port :code:`1194/UDP` from the other host. At minimum we should add a rule similar to this one:
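Review bot: in the `@@ -148,6 +146,7 @@` hunk, the new `Redirect gateway` row is added to an RST simple table, so its second cell (`Leave empty :sup:`4``) has to start in the same column as the second run of `=` in the border line `======================= =======================================`. Text that falls into the gap between the two columns makes docutils reject the table as malformed, so please confirm the padding matches the `Local Network` row above it and that the page still builds.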
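Review bot: Note 4 in the `@@ -165,6 +164,10 @@` hunk says "a manual NAT outbound rule must be created" but not where or for which traffic, so the reader cannot complete the step from this page. Suggest giving the menu path in the same :menuselection: style as the "Next go to" paragraph that follows, and stating which source network the rule has to match (the VPN client network leaving via WAN). It would also help to say what the table's "Leave empty" value means in practice, so readers understand that the example as written does not send all client traffic through the tunnel and that `default` changes this. Separately, the four added lines contain only one blank line, the one after the `.. admonition::` line: unless the surrounding context already has a spare blank line, either the new directive directly follows the indented body of Note 3 or its body runs straight into "Next go to". A blank line before and after the new block avoids a docutils warning.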