Netgate Discussion Forum

    OpenVPN Client - VPN.ht working good for 1 IP/device but failing over to WAN

      snailguy1

      Hi,

      I'm using a pfSense hardware device (Netgate SG-4860).

      I've successfully set up an OpenVPN client to VPN.ht.

      I only wanted 1 IP address to go through the VPN - done.

      Problem: if the VPN is down, I do not want it to go through my default WAN… but it does.
      I've scoured the forum as best I can.

      I've tried a blocking rule after the firewall rule, tried inverted allows for the rest of the LAN, etc. Nothing works.

      After lots of trial and error, I've come to the conclusion it has nothing to do with the rules - there must be some option somewhere (to do with the gateway/interface) which is allowing it to fail over onto the WAN even though it's set specifically to only go through the VPN interface.

      Please can someone help?

      This is what I've wound up with so far (and not working).

      I also notice that some of my services carry on sending traffic to the WAN even if I start blocking everything (if they already have connections) -

        snailguy1

        Sorry to bump.

        I'll donate 15$ for a fix to this.

        My NAT looks like this:

          mauroman33

          If you want devices routed through the VPN to stop connecting when the VPN connection is down, you should follow this guide:
          https://www.infotechwerx.com/blog/Prevent-Any-Traffic-VPN-Hosts-Egressing-WAN

            snailguy1

            Thanks for this.

            It looked like it was all working, but when I disabled the VPN, it also took down my normal LAN, not just the host I want to stop being able to access the net if the VPN is down.

            It's like it was marking all packets, but it was only set for the one rule (the top one in the first post - below the default).

            I also tried the alternative method at the bottom and added back the block rule.

            Any ideas?
