On 14-10-2015 11:33, C.L. Martinez wrote:
> ALL traffic is routed over tun0 interface. Some of our customers use
> the same type of configuration. This is my actual problem:
> discriminate when I do requests to my customers and when I do requests
> to our internal lans. I need my default gw untouched in this OpenBSD fw.

So, now that I believe I understood your problem, it's easier to point you in the right direction. I'm presuming that your vio(4) interfaces are the ones with your customers' networks, right? And you don't want your OpenBSD default gw to change, but still want to route traffic through your VPN.

In this case, you don't need either rdomain or mpath. Properly crafted route-to rules in your pf.conf should do the trick. You can even use anchors and up/down scripts (OpenVPN) to change the rules in response to connections/disconnections.

You can also do this the other way around: make the route-to rules for your customers and let your OpenBSD use whatever default gateway you want. If your networks are static, you can hard code them in your pf rules.

Cheers, Giancarlo Razzolini
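
The following is an added example, not part of the message above: one way to wire the suggested route-to rules into a pf anchor from an OpenVPN up/down hook. The anchor name `vpn`, the inside interface `vio0` and the customer networks are assumptions; pf.conf needs an `anchor "vpn"` line, and the OpenVPN config needs `script-security 2`, `route-noexec` (so the routing table and default gateway stay untouched) and `up`/`down` pointing at this script.

```shell
#!/bin/sh
# Added example: OpenVPN up/down hook that fills or empties a pf anchor.
# Assumed names, not taken from the thread:
ANCHOR="vpn"                                   # matches: anchor "vpn" in pf.conf
INSIDE_IF="vio0"                               # interface the traffic arrives on
CUSTOMER_NETS="192.0.2.0/24 198.51.100.0/24"   # constructed sample networks

# Print the anchor ruleset for a tunnel device and its peer address.
# Returns non-zero (and prints nothing) if either value is missing, so an
# incomplete environment never produces a half-formed rule.
build_rules() {
    tun="$1"
    gw="$2"
    [ -n "$tun" ] && [ -n "$gw" ] || return 1
    nets=$(echo $CUSTOMER_NETS | sed 's/ /, /g')
    # "(interface address)" is the route-to form of the 2015-era releases;
    # OpenBSD 6.9 and later take only the next-hop address: route-to $gw
    printf 'pass in quick on %s to { %s } route-to (%s %s)\n' \
        "$INSIDE_IF" "$nets" "$tun" "$gw"
}

# OpenVPN exports script_type, dev and route_vpn_gateway/ifconfig_remote.
# Outside OpenVPN script_type is unset and nothing below runs.
case "${script_type:-}" in
    up)
        build_rules "${dev:-}" "${route_vpn_gateway:-${ifconfig_remote:-}}" |
            pfctl -a "$ANCHOR" -f -
        ;;
    down)
        # Tunnel gone: drop the rules so nothing points at a dead interface.
        pfctl -a "$ANCHOR" -F rules
        ;;
esac
```

With the anchor flushed, traffic to the customer networks follows the normal routing table again, so add a block rule in the main ruleset if it must never leave by the default gateway.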

