Netgate Discussion Forum
Outbound traffic via VPN; if the VPN is down, block the traffic

Category: Firewalling

rds25:

      Hello,
I have a problem with outbound traffic only going over the VPN.

      The default gateway (without vpn): WANGW
      The gateway with the VPN: INT_VPN_OUT_VPNV4

      My firewall rules:
[attached image 0a95246e-32fb-4666-9879-5a7287ae3539-image.png: screenshot of the firewall rules]

      Line 1 I say all web traffic goes through "INT_VPN_OUT_VPNV4"
      Line 2 I say all DNS traffic goes through "INT_VPN_OUT_VPNV4"
      Line 3 I say all ICMP traffic goes through "INT_VPN_OUT_VPNV4"
      Line 4 I say all remaining traffic is blocked.

If I say that allowed traffic must pass through a defined gateway, why, if the VPN gateway drops, does all the traffic go through the default gateway?

Thank you for your insights.

Alejo 0:

Your question is not that clear to me, but even when you use a VPN connection, all traffic will pass first through the default gateway; the difference is that the traffic is now encrypted on the wire.

A VPN connection does not magically make your outgoing traffic ignore your default gateway in favour of your VPN endpoint or gateway.

Outgoing traffic will always go through your default gateway unless you create a different route, in which case your INT_VPN_OUT_VPNV4 must be the gateway for that route and the interface's IP should be reachable within the same network.

Firewall rules won't change a packet's route; you should use System > Routing for that.

I'm not sure what you are trying to accomplish, so can you please explain in more detail?

Thanks

        The darker the night, the brighter the stars.

rds25 @Alejo 0 (last edited by rds25):

          @alejo-0

          The default gateway is WANGW because it is the direct gateway used by other devices.

I have an IP address, "192.168.10.120", which must go through the VPN, and if the VPN is down the traffic must never go directly through the gateway without the VPN (WANGW).

Currently, when the VPN gateway is working, the web and DNS flows are routed through the VPN gateway.

I just have to fix the problem of what happens when the VPN drops.

          Here is my setup:
[attached image 463cb246-b7b0-4211-b335-6699cc6ec071-image.png: screenshot of the setup]

If I change the default gateway to "none", the VPN daemon no longer connects.
I'm just trying to make a "kill switch".

rds25 @rds25:

            @rds25

OK, I found the solution: using "tag" and "tagged" to make a kill switch with the rules.
            Thanks

Alejo 0 @rds25:
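What the poster ran into is pfSense's default handling of a policy-routing rule whose gateway is down: the ruleset is reloaded with the gateway stripped from the rule, so the traffic still matches the pass rule but follows the default route out of WAN instead of the tunnel. (The "Skip rules when gateway is down" option under System > Advanced > Miscellaneous changes this so the rule is omitted entirely, letting a later block rule catch the traffic.) The tag/tagged construction the poster settled on works independently of that setting: the LAN rule that policy-routes into the VPN also tags the packet, and a floating rule on WAN blocks anything carrying that tag, which can only happen when the packet was not steered into the tunnel. The fragment below is an added illustration in pf.conf syntax of the rules pfSense generates for that layout; it is not the poster's configuration. The interface names (em1 for LAN, em0 for WAN, ovpnc1 for the OpenVPN client), the VPN gateway address 10.8.0.1 and the tag name VPN_ONLY are assumptions.

```pf
# Added example, not the poster's ruleset. Interface names, the VPN gateway
# address and the tag name are assumed; in the pfSense GUI the equivalent is a
# LAN rule with Gateway = INT_VPN_OUT_VPNV4 and Tag = VPN_ONLY, plus a floating
# block rule on WAN, direction out, Quick, with Tagged = VPN_ONLY.

lan_if   = "em1"
wan_if   = "em0"
vpn_if   = "ovpnc1"
vpn_gw   = "10.8.0.1"
vpn_host = "192.168.10.120"

# pfSense binds states to the interface they were created on. This matters:
# a packet leaving on WAN does not match the state created on LAN, so the
# outbound rules on WAN are actually evaluated and the tag can be checked.
set state-policy if-bound

# Floating rule (pfSense places these ahead of the interface rules). Anything
# tagged by the LAN rules below that is about to leave on WAN is dropped.
# When the VPN is up, these packets exit on ovpnc1 and never reach this rule;
# when the VPN gateway is down and the route-to is removed, they fall back to
# the default route on WAN and are blocked here. This is the kill switch.
block out quick on $wan_if tagged VPN_ONLY

# LAN rules for the host that must only use the VPN. route-to sends the
# matching traffic to the VPN gateway on the tunnel interface; tag marks the
# packet so the floating rule can recognise it if it ends up on WAN instead.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet proto tcp from $vpn_host to any port { 80 443 } tag VPN_ONLY keep state
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet proto { tcp udp } from $vpn_host to any port 53 tag VPN_ONLY keep state
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet proto icmp from $vpn_host to any tag VPN_ONLY keep state

# Everything else from that host is blocked (the "remaining traffic" rule).
block in quick on $lan_if from $vpn_host to any

# Outbound pass on the tunnel interface so the policy-routed states can be
# created there (pfSense adds an equivalent default pass-out on every
# interface; shown explicitly here so the fragment is self-contained).
pass out quick on $vpn_if from $vpn_host to any keep state
```

Two things to verify after applying this in the GUI: take the VPN gateway down (for example by stopping the OpenVPN client) and confirm in Diagnostics > States that no new states for 192.168.10.120 appear on the WAN interface, and check that the floating block rule is marked Quick, since a non-quick floating rule would be overridden by a later matching pass rule.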

              @rds25

> OK, I found the solution: using "tag" and "tagged" to make a kill switch with the rules.

              There is an option for "kill switch" in Routing > Gateways > Edit:

[attached image 51c563e8-3e00-4498-9105-b238731e2bbf-image.png: screenshot of the gateway edit page]

              This is perhaps what you want, I didn't see any "tag" or "tagged" options with the rules.

              Either way, happy to help!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.