NordVPN Client only for specific hosts

Tom777

Thanks guys!

So I will do the following

check Don't pull routes - "Bars the server from adding routes to the client's routing table"
change the IPV4 rule to Nord only for Alias (specific hosts)
Create a second IPV4 rule for the local network, that goes trough WAN below the one already there for Nord

@Gertjan I will check this tutorial and adapt. At a first glance is looking like to one from Nord.

Tom777

Hey guys, I've messed it up.

I started (during a Teams cal ) to add an Alias, and to edit another one. None of them were in use.

Teams showed suddenly that I do not have I-net connection but I was able to continue the call. After a restart no internet.

What I saw in the status is that the WAN_PPPoE has no connection but the NordVPN Gateway has? That is strange. How can this be, VPN connection without internet?? see screenshot

I thought, maybe I've clicked something else by mistake, and restored the config it worked before this.

But no change!! I had a manual backup under automatic backups, and also downloaded a file under backup service or status, don't remember where it is. Both did not restore the previous state.

That is even more crazy! How can I dare to do something, if the backup and restore function do not work??

I'm now on my old router.

Gertjan

@Tom777 said in NordVPN Client only for specific hosts:

What I saw in the status is that the WAN_PPPoE has no connection but the NordVPN Gateway has? That is strange. How can this be, VPN connection without internet?? see screenshot

Your real question is : why the DE103NORD ..... gateway says it's "online" ?
Because an gateway is considered online when ping request are send out on that interface to some 'host', and answers are coming back ! The gateway is shows green and online.
And there you have it : who is getting pinged here ? Answer : the interface VPN itself - the one on your side : 10.100.0.1 :

Normally - and now you know why, a monitor IP like '8.8.8.8' is chosen. Or any remote (!) IP as long it on your site.

If your WAN_PPPOE is down, then your VPN can't work niether, as it needs WAN to get out.

Btw :
I guess I don't need to tell you now that this :

isn't gona work neither.

The 10.0.0.1 is a PPPOE connection, which stands for PPP over Ethernet. Such a connections has to be establish first also, a bit like a VPN connection. It isn't up yet, so the 10.0.0.1 isn't valid right now.

Tom777

@Gertjan Thanks, now I understand the false online state.

But how did that happen? Editing/adding aliases that are not in use, should not have any effect, should they?

More important: How can I restore the functioning state? I have i-net connection with the old router.

Gertjan

@Tom777

Restart, and go by steps.

First, out of the default pfSense state (WAN uses DHCP), switch WAN to use PPPOE and make that work.
Be aware this is PPPOE so modem (ISPs) can be MAC locked.

Then, and only then, save (export) the config of pfSense and give is this special name "known-to-be-good-at-20240924.xml" and from now on you can start thinking about a VPN.

Tom777

@Gertjan said in NordVPN Client only for specific hosts:

First, out of the default pfSense state (WAN uses DHCP), switch WAN to use PPPOE and make that work.

Oh boy, so no chance to restore what I have backed up yesterday? It worked perfect, but everything went over NordVPN. I thought, I can restore this state.

@Gertjan said in NordVPN Client only for specific hosts:

Be aware this is PPPOE so modem (ISPs) can be MAC locked.

I have an ONT, the (any) router can be connected via cable ONT LAN - router WAN,

Gertjan

@Tom777 said in NordVPN Client only for specific hosts:

Oh boy, so no chance to restore what I have backed up yesterday?

Look in /cf/conf/backup/

there are a lot of backed up copies.

With the SSH (or console) option 15 :

you can take your pick and go back.

Tom777

@Gertjan

Hi, I've set up pfsense from scratch. Restoring via xml file did not work trough GUI, and I was not able to connect via ssh. Later I found the ssh enabler in the GUI, but too late. Still, to not be able to restore a backuo is giving me quite big concerns, as I'm using it for work.

But still no IPS connection on WAN via PPPoE

This is now strange since the old router gets connected asap. And it is not the Router from the ISP, it is a Vilfo router. Maybe I have done something wrong in the setup of the pfsense? But the first time I've done it the same way. I'm really lost now.

Gertjan

@Tom777

Do you have the pppoe login credentials from your ISP ?

Can we see the PPP logs ? (Under System, or PPP ? Not sure, as I've not used pppoe for a long time)

Tom777

@Gertjan said in NordVPN Client only for specific hosts:

Do you have the pppoe login credentials from your ISP ?

sure, using them with the Vilfo router.

@Gertjan said in NordVPN Client only for specific hosts:

Can we see the PPP logs ?

Will do this after work today or maybe tomorrow.

Edit:

I saw on the ISP account site that there was a sucesfull connection with the pfsense but it last only for 2 or 3 minutes

Gertjan

@Tom777

As a test, disable gateway monitoring.