pfsense vpn

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › pfsense vpn

shrub

715 posts

Ultimate Geek

ID Verified

#233274 8-Apr-2018 15:17

I use a vpn to access blocked content which I just found out can be setup on pfsense.

My pfsense box has a 4 port network card 1 - wan 3 - bridge lan. Pretty basic setup only extras i have is an OpenVPN server.

Am I able to setup the vpn so only 1 of the LAN ports is dedicated to the vpn traffic? I would like to put a spare wifi router on the VPN for a chromecast and a tablet.

If so is there a walk through quide?

muppet

2389 posts

Uber Geek

Trusted

#1991937 9-Apr-2018 12:19

You can do policy routing - so that only 1 IP even is routed via the VPN.

Basically you create the policy that says "source address of X" where X is the device (or network if you want to route a whole /24 that way) use THIS gateway instead.

The gateway is the VPN you've setup.

I don't know about any step-by-step guide, but read up on the pfSense Wiki, it's pretty easy. Create the VPN Client, bind it to an interface and put the policy route in as above.

Mighty Ape

Shop Mighty Ape for electronics, games, computers books and more (affiliate link).

shrub

715 posts

Ultimate Geek

ID Verified

#1992900 10-Apr-2018 18:17

muppet:

You can do policy routing - so that only 1 IP even is routed via the VPN.

Basically you create the policy that says "source address of X" where X is the device (or network if you want to route a whole /24 that way) use THIS gateway instead.

The gateway is the VPN you've setup.

I don't know about any step-by-step guide, but read up on the pfSense Wiki, it's pretty easy. Create the VPN Client, bind it to an interface and put the policy route in as above.

Great idea in theory. I have tried multiple ways and no luck. Issue is as soon as the vpn connection is live I lose wan access. I am able to change the firewall outbound to let openvpn through but this also redirects all lan traffic through the vpn. I have not been able to split the LAN traffic.

Thinking this is above me now.

muppet

2389 posts

Uber Geek

Trusted

#1992905 10-Apr-2018 18:25

As soon as the VPN is live you loose WAN access? Is the VPN teaching you a default route? If so, you need to stop it doing that.

You need the bring up the VPN but learn no routes across it - you want to tick the "Don't pull routes" option in the client setup.

shrub

715 posts

Ultimate Geek

ID Verified

#1994319 11-Apr-2018 16:10

muppet:

As soon as the VPN is live you loose WAN access? Is the VPN teaching you a default route? If so, you need to stop it doing that.

You need the bring up the VPN but learn no routes across it - you want to tick the "Don't pull routes" option in the client setup.

Sort of correct I have not been able to get it working by ticking that box. The missing step was I needed to assign it as an interface.

Once that was sorted all I need to do was Alias the IP range either VPN(220-229) or NONVPN(same as DHCP 10-199) then set the LAN firewall to direct the correct traffic. Now I have assigned DHCP leases by mac address for the devices I want on the VPN in the 220 range. Working well so far.

This Video helped lots https://www.youtube.com/watch?time_continue=109&v=ekRgAATnIsU

muppet

2389 posts

Uber Geek

Trusted

#1994320 11-Apr-2018 16:11

what was the trick to it not breaking when the VPN was connected, if it wasn't stopping the pull of routes?

shrub

715 posts

Ultimate Geek

ID Verified

#1994374 11-Apr-2018 17:05

muppet:

what was the trick to it not breaking when the VPN was connected, if it wasn't stopping the pull of routes?

Not entirely sure I deleted and added so many different things when testing. I think it may of been a firewall rule that was in the OpenVPN tab for the server i had running. I found and deleted a few rules that were any to any.

I also could of had it going quicker if I knew about the states reset. I thought that when you applied a rule it was good but if there was a state already open it remains in its original state.