Force all traffic through VPN

I am using pfSense as a firewall, with its VPN functionality. The client I use is Shrew Soft VPN client. As it is a split tunnel, is there a way I can force all traffic through the VPN connection, i.e. so my external IP is always the pfSense box's one?

The reason I would like to do this is that the locations I access my servers from have DHCP-assigned addresses via the ISP. I cannot afford a static IP, as it isn't included in my package, but I lock down my servers to only some IPs. When the ISP allocates a new IP, I am unable to access my servers through SSH. I have allowed the IP of the pfSense box as it is in a location which has a static IP.

How would I overcome this? Is there an alternative to trying to force the traffic through the VPN tunnel?


Configure your routing table in Linux. Fairly straightforward, but it will depend on your current configuration.

Type route -n to see your current routing table (on Mac OS X it's netstat -rn).

Note the default route (the one that's destination 0.0.0.0), that matches everything. The basic way a routing table works is that traffic will match the most specific rule -- all it needs to know is where the first hop should go. So a command like:

sudo route add -net 10.0.0.0/8 ppp0
sudo route add -net 1.2.3.0/24 ppp0

would add lines to your routing table that match any traffic going to an address covered by those rules (all IP addresses that start with 10.*.*.* for the first rule and all IP addresses that match 1.2.3.* for the second rule) and send that traffic to the ppp0 interface. (Assuming it's the ppp0 interface.)
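
An added illustration of the most-specific-match rule described in the answer above; it is not part of the original answer. It goes beyond the answer by also modelling the common approach of covering all IPv4 destinations with two /1 routes, and eth0, the gateway address and the destinations are constructed sample values.

```python
import ipaddress

# Constructed routing tables: (destination prefix, outgoing interface).
# eth0, ppp0 and all addresses are sample values, not from a real host.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0"),      # default route via the ISP link
    ("10.0.0.0/8", "ppp0"),     # the two routes from the answer
    ("1.2.3.0/24", "ppp0"),
]

# Full tunnel: two /1 routes together cover every IPv4 address and are
# more specific than 0.0.0.0/0, so they win without deleting the default.
# The VPN gateway itself keeps a host route on eth0 so the tunnel's own
# packets are not routed into the tunnel.
VPN_GATEWAY = "198.51.100.7"    # placeholder for the pfSense public IP
FULL_TUNNEL = SPLIT_TUNNEL + [
    ("0.0.0.0/1", "ppp0"),
    ("128.0.0.0/1", "ppp0"),
    (VPN_GATEWAY + "/32", "eth0"),
]

def egress_interface(table, destination):
    """Return the interface of the most specific route matching destination."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError("no route to " + destination)
    return best[1]

def leaks(table, destinations, tunnel="ppp0", exempt=()):
    """List destinations that would leave outside the tunnel."""
    return [d for d in destinations
            if d not in exempt and egress_interface(table, d) != tunnel]

if __name__ == "__main__":
    targets = ["10.1.2.3", "1.2.3.4", "203.0.113.10", VPN_GATEWAY]
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        for t in targets:
            print(name, t, "->", egress_interface(table, t))
```

With the split-tunnel table only the two listed networks use ppp0, so a server outside them would still see the ISP-assigned address.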