@viragomann said in Bypass VPN for specific www site:

If I access www.alliantcreditunion.com I get redirected to www.alliantcreditunion.org, which is another IP. So you will have to add this FQDN to your alias as well.
Also the site may contain further parts which come from other sources and also need to be directed over the WAN GW. You can use browser tools to investigate.

Interestingly enough is I am able to access www.alliantcreditunion.org just fine. Something will not allow me to access the login page

pfSense does not impose any requirements on passwords at the moment. You will get a warning if the password is left as pfsense but that's it.

The first thing I would do is update to 2.4.4-p1

no i have a static ip so i am not using aliases.
i just think i am doing it wrong.
no one confirms if i am doing it right or wrong. can someone help. here is my exact setup and what i am doing

openvpn server 192.168.1.0/24
openvpn client 1 192.168.2.0/24 (tunnel 10.0.1.0/30)
openvpn client 2 192.168.3.0/24 (tunnel 10.0.3.0/30)
client 1 and 2 reach the server with NO issues

but client 1 talking to 2 or 2 talking to 1, does NOT work. i can only reach from 1 or 2 to the main openvpn server

so i was told to assign the 2 openvpn on the main server to an interface. then i enabled those 2 interfaces
as soon as i do this.
client 1 and client 2 lost their connection to the server

then i was told to go to firewall rules, openvpn tab, create a new rule as follows:
action: pass
interface: openvpn
address: ipv4
protocol: any
source: the assigned interface from client 1 openvpn
destination: the assigned interface from client 2 openvpn
i wrote a description and saved.
but this does NOT do anything. i am still without connection to the main server openvpn from both clients. not sure what i am doing wrong!
please advise

@chpalmer

The machines in question are a linux box (firewall off) and grandstream phones. (cant connect to the phones web interface and the phones can't register to the pbx server (the linux box). Oh plus there is a synology NAS that can't be reached either. So no, no windows firewall or any other firewall.

All, many thanks for the help and the insight.

This honestly wasn't supposed to be difficult.

I've decided to get rid of pfSense altogether and use the facilities my commercial host has. It's not ideal, but it does work.

All I was trying to do was access my private network remotely as I've done numerous times before with a variety of products.

This has just cost me too much time as it is.

Thanks again

I have solve the problem thanks to this post:
https://forum.netgate.com/topic/101293/route-all-traffic-thru-vpn-except-for-modem-gui-access/2

but i have a new question, is there a way to open a port and access webgui modem from vpn public ip?
Stefano

For posterity...

I decided to set up a separate OpenVPN server for each group of users. In the end it was the cleanest way to differentiate between the groups by assigning a unique subnet to each instance of OpenVPN. Client Specific Overrides is an interesting feature and might have allowed a portion of what I was looking for, but did not offer a complete solution.

Thank you,
cdunbar

Jimp. I already solved it, what happens is that they have to wait about 3 minutes for the openvpn to discard the connection through the wan that is below. Thank you

@pippin thanks for the advise. I haven't set up this particular pfsense myself. I needed to stabilise the VPN and I will build a clean one with the first chance. There are too many crap stuff in there too many changes have been made inside there from people who didn't actually know how to configure it properly. Will do my study before I make a clean one.

I got a Rule that sorts out traffic trying to connect to my LAN from the radio network.
For the rest its fine since i run the other network anyway 😁

@rico Thanks for sharing

What would fail with bogon still blocked is bogon's - but pretty sure pfsense pulls the rfc1918 space that is normally in bogon out... And lists in the different rfc1918 listing.

rfc1918 is a bogon ;) Well if you want to get technical about its - better term is prob martian...

I watched this Youtube video from Lawrence Systems: https://www.youtube.com/watch?v=7rQ-Tgt3L18

At the 13 minute mark, he points out that one needs to add a line to the end of the config file created by VPN on the local computer being used to access the remote computer: redirect-gateway def1

On another website it was suggested that I might need to add a line in the pfSense firewall to the file found under VPN/OpenVPN/Server. I edited the file and under Custom Options added: push "route 192.168.xxx.0 255.255.255.0"

I'm not sure which of these two additions did the trick, but the net result is that now I can connect from a remote location both to the pfSense GUI and to my desktop computer.

So ... problem solved!!

ok thank you I look at it

Now all of a sudden DNS resolution stopped working on all of the clients on my internal network. o_O

Restarting unbound and the client machines doesn't fix it. My network just hates me right now.

edit Disabling pfBlocker fixed DNS resolution.
edit2 Suddenly, my firehol blocklist rule was adding all of the internal clients on my network to blocked hosts.

To close resolve) this one :
@rsaanon said in [Solved] dnsleak results show no leak, but IP address lookup shows internal/lan IP:

I would have like to have pasted the screen shot of the above two tests, but I'm not sure how to include the screenshots on this forum.

Copy the image fist (hit the print screen touch on windows keyboard to have the entire screen or use the build in capture tool) and then Paste it here while your typing your post (windows PC : Ctrl-V) .

0_1544291117302_fa375696-e1a0-491f-bfd2-6170242f562e-image.png