I am interested in something similar to this and was thinking that integrating pfBlockerNG would facilitate creating an access list to be used for routing purposes.  In this case I would think that adding the domain to pfb would resolve all of the ip's for that site/domain and adding them to an access list, then setting a routing statement using that access list as the destination to route through the vpn instead of the WAN. What I am wanting to test is using pfblocker to create an access list for the .onion domain, then routing the traffic destined to that domain through a vpn.  For instance, there are ubuntu repos on tor, and when updating packages from that repo, I would like that traffic to automatically route through the vpn connection instead of attempting through my wan.

That won't ever work properly. You must configure it using the GUI. If you post the details of your configuration (without anything private included), we can help you determine how it will be setup in the GUI but running it in the background like you are doing is not viable.

Is the pfSense LAN IP the default gateway on the LAN machines? Please post your vpn settings.

You are correct he mentioned that… I must of been thinking of another thread.. Thee was another thread asking about using using multiple vpn connections.  Much longer than this one though.. I was thinking of this one. https://forum.pfsense.org/index.php?topic=135283.0 Different poster.

Thanks! Attached is a screenshot of the logs page. Do I need to do something to turn them on? I can't find any settings. It seems really odd that there are no logs of anything. The client seems to have gone down the tunnel and found the network, because it received the 192.168.4.x address, and the pfsense is there too. But the rest of the transaction isn't happening. I have a laptop that successfully connects through OpenVPN and PfSense to a different network. The configuration files seem pretty much alike. [image: pfsense-logs.jpg] [image: pfsense-logs.jpg_thumb]

If the server pushes the default route to you and you did something wrong that's normal. You may aviod to get the default route pushed by checking "Don't pull routes" in the client settings for testing. Maybe you're missing the outbound NAT rule for the vpn. So enable the interface and set the outbound NAT rule. The outbound NAT must be set to hybrid or manual mode. Then add a new rule: Interface: <the vpn="" client="" interface="">Source: any Dest: any Translation: Interface address</the>

Ah, good info. I'll give that a try, thanks. I'm just doing the prep work at the moment before I add any rules to the firewall. All I've done is Create the CA, for OpenVPN client Create the OpenVPN client (showing as UP) Create the interface OPT1 and set it to port ovpnc1 the problem i have is, as soon as i enable OPT1 interface and reboot, all my internet traffic stops nothing has been configured by me to use OPT1, so why is this?

Which end is server and which is client as long as the routing is correct. If you're using SSL/TLS then you may have been passing the routing from the server so switching roles may have corrected something there. Steve

It worked, and you were right it was a user's cert and not the server. Thank you!

@ashima: At the client site how should I configure so that if  WAN1 of headoffice goes down, it should automatically connect through WAN2 of headoffice. I just realised custom option in Advanced Configuration  can have remote WAN2 port udp This will connect to the WAN2 if  WAN1 at headoffice fails. But do I have to redistribute the certificates to the client after making the changes at Server. Thanks, Ashima

@stephenw10: Try using other GCM bit sizes, 128 maybe. Are you running any hardware offloading? Try disabling that. Steve Resolved, the server I was trying to connect did not have openVPN 2.4. After I specified the correct server it worked just fine!