Routed config

[mcozzo]

I'm having difficulty getting the appropriate L3 bits configured for my environment.

I have a Core L3 switch that handles all RFC1918 networks. From there my internet is handled by a firewall. I would like to span the internal and external networks with my OpenVPN server. The expectation is that client VPN traffic hits the core L3 before being routed to the firewall. The OVPN server has a leg in both internal and external networks. All L2 connectivity has been verified.

I'm running into an issue with the routing on the OVPN server.
0.0.0.0/0 should route to the ISP for client web authentication, VPN connection, etc.
All user traffic should route to the Core L3 device and then out through the firewall. Users at remote sites should hit the core and then out through the firewall.

Why:
I want to handle VPN traffic natively and not port forward through the firewall.
I want to be able to inspect client internet traffic using my firewall.
All of the rest of my traffic decisions happen on the core L3 device so I would like to retain that functionality.

[mcozzo]

I suppose for the client device the route table should read:
x.x.x.13 > ISP/DHCP

Regardless, I'll treat the endpoint as a full tunnel client and expect all of the traffic from it. That's not the question, the issue I have is that I can't actually load up the client authentication page, as there's no default route for that return traffic.