@Gertjan
You will gather I'm a newbie and more often I can break what is already configured and working! Simple traps like disable the LAN for testing on the webGUI, lose everything, no GUI, no SSH then I recover the box, hook it up to peripherals and use the last but one backup.
Thanks, yes I already spotted the default /32 netmask and changed it to /24. My routing problem was linked to assignments, what physical ports were assigned when I first installed the image.
The reason all my clients are static IP is I could find no easy way to filter via DNS to allow some clients and websites to go to VPN and others to bypass VPN. Yes, I could configure the TV for DHCP since it is now on its own subnet without routing via VPN. In the UK some video streaming services detect proxies and block access over VPN.
My LG 'Smart' TV is getting old now. The LG WebOS seems very slow (compared to PC browsers). I suspect the TV processing and memory storage for apps is insufficient when I do want HDTV streams. I may solve all my streaming speeds and data link to the LG server by switching to an HDMI mini PC on my new pfSense TV port and just use the TV as the display device.
Others have already posted a huge list of servers LG smart TVs can connect to in the background. A dedicated PC for TV and subscription services should simplify firewall rules for privacy. Most forget that once registering a smart TV warranty, the TV serial number, IP address and any email addresses given are linked to you.
Gertjan - Thanks for your input, I will try that out. I already use pfBlocker on the private LAN. I forgot about creating a static MAC lease for the TV.