Netgate Discussion Forum

    NordVPN and Pfsense with LAN and OPT1 Routing, can't access IoT device with VPN enabled

    • A
      ACE 1
      last edited by ACE 1

      Hello

      I have LAN set up with 10.10.0.1 DHCP configured, OPT1 with 192.168.99.1 DHCP configured. Everything worked great and I could ping everything on both LAN and OPT1 and I could reach any IoT sites or web interface from my main Windows computer.

      I then configured NordVPN and everything went well with the setup except for Netflix and a couple of streaming services. So I created VPN Gateway groups and a couple of rules on the LAN firewall to fix this issue.

      Now the problem is that when NordVPN is disabled everything works perfectly, but as soon as I enable it I lose the ability to go to any IoT device's web page on the 192.168.99.1 network.
      Before, I could go to any of the 192.168.99.1 network addresses and configure whatever I needed.

      When I ping from my Windows computer I get this:
      Screenshot 2022-05-11 134900.png

      10.8.2.1 is the NordVPN Gateway

      1.png

      Am I missing something?

      Do I have to create another NAT Outbound rule for the 192.168.99.0 network?

      Thanks

      • Bob.DigB
        Bob.Dig LAYER 8 @ACE 1
        last edited by

        @ace-1 Show the rules.

        • A
          ACE 1
          last edited by

          1.png 2.png

          • A
            ACE 1
            last edited by

            1.png

            • Bob.DigB
              Bob.Dig LAYER 8 @ACE 1
              last edited by Bob.Dig

              @ace-1 Create an RFC1918 Alias for your LAN, it can't work if the nord-gateway (or any other gateway) is first for destination any.
              Or just make a rule LAN to OPT without a gateway on top of LAN.

              • A
                ACE 1
                last edited by

                Like this?
                3.png

                • A
                  ACE 1
                  last edited by

                  That works for my IoT devices now but I lose my VPN for 10.10.0.9.

                  Created the second rule you said and it worked, VPN up on 10.10.0.9 plus I can get the IoT device webpage.
                  You're a genius !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

                  • A
                    ACE 1
                    last edited by

                    g1.png

                    • Bob.DigB
                      Bob.Dig LAYER 8 @ACE 1
                      last edited by

                      @ace-1 said in NordVPN and Pfsense with LAN and OPT1 Routing, can't access IoT device with VPN enabled:

                      You're a genius !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

                      Or you have to learn some more of the basics. 😉

                      • A
                        ACE 1
                        last edited by

                        You're probably right about that, I still can't get my head around the firewall rules. I am looking in the logs to see what is happening but it seems the basic stuff controls everything... well, I will continue to keep reading.
                        Thanks again for the help

                        • Bob.DigB
                          Bob.Dig LAYER 8 @ACE 1
                          last edited by Bob.Dig

                          @ace-1 It is easy. 😉

                          Capture.PNG
                          For instance, your rule there has a destination of any (everything) and it has a gateway set, which means, everything has to go through that gateway out to the internet, so no chance for you to connect to IoT anymore.

                          1 Reply Last reply Reply Quote 0
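
The first-match behaviour described in the last reply, as an added example that is not part of the original thread and is not pfSense's own code: a minimal Python model of LAN rules evaluated top down, where a matching rule with a gateway set overrides the routing table. The /24 prefix lengths and the addresses 192.168.99.20 and 203.0.113.10 are assumptions; the subnets, 10.10.0.9 and 10.8.2.1 come from the posts.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN, OPT1, ANY = "10.10.0.0/24", "192.168.99.0/24", "0.0.0.0/0"  # /24 is assumed
NORD_GW = "10.8.2.1"  # NordVPN gateway address from the thread

@dataclass(frozen=True)
class Rule:
    desc: str
    source: str
    dest: str
    gateway: Optional[str] = None  # None: the normal routing table decides

def first_match(rules, src, dst):
    """Walk the rules top down; the first one that matches wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in ipaddress.ip_network(rule.source) and d in ipaddress.ip_network(rule.dest):
            return rule
    return None  # nothing matched: implicit deny

def next_hop(rules, src, dst):
    """Describe where a new connection entering on LAN is sent."""
    rule = first_match(rules, src, dst)
    if rule is None:
        return "blocked"
    if rule.gateway:
        return "forced to gateway " + rule.gateway
    return "routing table"

VPN_RULE = Rule("LAN to any via NordVPN", LAN, ANY, NORD_GW)
LOCAL_RULE = Rule("LAN to OPT1, no gateway", LAN, OPT1)

BEFORE = [VPN_RULE]              # gateway rule is first for destination any
AFTER = [LOCAL_RULE, VPN_RULE]   # local rule placed on top

if __name__ == "__main__":
    pc, iot, web = "10.10.0.9", "192.168.99.20", "203.0.113.10"  # iot/web constructed
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        for dst in (iot, web):
            print(f"{name:6} {pc} -> {dst:14} {next_hop(rules, pc, dst)}")
```

Placing the local rule below the gateway rule gives the same result as not having it, because the gateway rule already matches destination any.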