OPT2
-
I have an actual network card OPT1 for WAP.
(It was working but I've reinstalled and not configured it yet.)
I'm thinking of getting NordVPN; there are quite detailed setup instructions for working with pfSense which mention OPT1.
Is this not a real interface but a way to direct LAN traffic through OpenVPN? So I can make an OPT2 and follow the documentation as if it were OPT1?
-
@zemlik
You need a gateway to route traffic to. Assigning an interface to the OpenVPN client is the way to get it.
If you check out Status > Interfaces you can see the interfaces and the dedicated gateway.
OPT1 is just the default name. You can change it to another friendly name if you want.
-
@viragomann
I'm not very good at this stuff.
The ISP's router is connected to the pfSense PC's WAN network card.
Switch connected to the pfSense LAN network card.
Not-yet-configured WAP connected to the pfSense OPT1 network card.
PCs connected to switch.
Are you saying that OPT1(OpenVPN) is a physical interface or software interface?
It's the traffic on the switch that wants the option of going through OpenVPN.
-
Are you saying that OPT1(OpenVPN) is a physical interface or software interface?
It could be either.
If you go to Interfaces > Assignments you will see a list of your assigned interfaces. WAN and LAN are assigned by default if the network ports are available.
Others can be assigned manually. pfSense calls them OPT1, OPT2, ...
If there is any network port available, either physical or virtual, pfSense displays "Available network ports:" and you can select one from the drop-down.
Virtual ports can be OpenVPN or WG instances. So if you set up a client for NordVPN, you will see ovpnc1 or the like there.
As mentioned, assigning an interface to the VPN instance gives you a gateway. This can be used in a Policy Routing rule on LAN to direct traffic, which is coming in on this interface, over the VPN.
-
@viragomann
If I set up a virtual port assigned to LAN, can I easily enable/disable it for network PCs to use/not use NordVPN?
-
If I set up virtual port assigned to LAN
Why do you want to do that? Your LAN is connected to the switch and I think it should stay.
Read the policy routing docs I linked above. That's the way you have to do it.
Add a pass rule without a gateway after the policy routing rule, so you can then disable and enable the rule to control whether you go over the VPN or not.
Or, also possible, create a gateway group with the VPN as tier 1 and the WAN as tier 2 and use this in the policy routing rule. Then you can control the flow by enabling / disabling the VPN.
-
@viragomann
You said "assigning an interface to the VPN instance gives you a gateway."
Probably I'm confusing "assigning an interface to the VPN instance" with "assigning a VPN instance to an interface" or something. I'll get there eventually.
cheers