Netgate Discussion Forum

    Mission critical pfSense firewall activities thru VPN ONLY?

    General pfSense Questions
    4 Posts 2 Posters 503 Views
    Velcro

      I want to make sure all my pfSense software updates and any other communication from my pfSense firewall go through my VPN only. How do I configure this?

      What I think is the configuration relevant to my question:
      * I do not have any DNS servers assigned in General -> DNS Server settings
      * Using Unbound (DNS Server Override & Disable DNS Forwarder are not checked in General -> DNS Server settings)
      * In my outbound NAT I have my default 127.0.0.0 going through VPN only
      * DNS Unbound has its "Outgoing Network Interface" set to my VPN interface ONLY

      I have my separate VLANs working correctly, i.e. Apple TV going through WAN, others going through my VPN. My question is specific to any pfSense software updates or any other firewall "home calling".

      Eternally grateful to any thoughts…

      Thanks V

      jimp (Rebel Alliance Developer, Netgate)

        Outgoing requests from the firewall will follow the default gateway. For updates to go over the VPN, the firewall's default gateway would have to be (at least temporarily) changed to be the VPN.

        The exact method for that varies by VPN.

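The check below is an added example, not code from the thread or from Netgate. It follows jimp's point that firewall-originated traffic (update fetches, package downloads) takes the default route: it reads a FreeBSD `netstat -rn -f inet` routing table and reports which interface the `default` entry leaves through, so you can see whether the firewall's own egress is the WAN or the tunnel before and after moving the default gateway. The interface names (`em0` as WAN, `ovpnc1` as the OpenVPN client) and both sample routing tables are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the forum thread). Determine the interface the
# firewall's *own* outbound traffic uses: the Netif column of the default
# route. Interface names em0 (WAN) and ovpnc1 (OpenVPN client) are assumed.

# default_netif: read a FreeBSD `netstat -rn -f inet` table on stdin and
# print the Netif column (4th field) of the "default" row.
default_netif() {
    awk '$1 == "default" { print $4; exit }'
}

# egress_is_vpn VPN_IF: succeed (exit 0) only if the default route on stdin
# leaves via VPN_IF. Reading stdin lets the same check run on captured output.
egress_is_vpn() {
    vpn_if="$1"
    netif="$(default_netif)"
    [ -n "$netif" ] && [ "$netif" = "$vpn_if" ]
}

# Constructed sample: default route still via WAN (em0); the VPN subnet is
# routed but the tunnel is not the default gateway. LAN traffic policy-routed
# into the VPN by firewall rules does not show up here at all.
SAMPLE_WAN_DEFAULT='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
10.8.0.0/24        10.8.0.5           UGS      ovpnc1
127.0.0.1          link#2             UH          lo0
192.168.1.0/24     link#3             U           em1
203.0.113.0/24     link#1             U           em0'

# Constructed sample after the default gateway has been changed to the VPN
# gateway; firewall-originated traffic now follows the tunnel.
SAMPLE_VPN_DEFAULT='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            10.8.0.5           UGS      ovpnc1
10.8.0.0/24        10.8.0.5           UGS      ovpnc1
127.0.0.1          link#2             UH          lo0
192.168.1.0/24     link#3             U           em1
203.0.113.0/24     link#1             U           em0'

# report LABEL TABLE VPN_IF: print a one-line verdict for one routing table.
report() {
    if printf '%s\n' "$2" | egress_is_vpn "$3"; then
        echo "$1: default route via $3 (VPN) - firewall updates use the tunnel"
    else
        echo "$1: default route via $(printf '%s\n' "$2" | default_netif) - firewall updates bypass the VPN"
    fi
}

report "before" "$SAMPLE_WAN_DEFAULT" ovpnc1
report "after"  "$SAMPLE_VPN_DEFAULT" ovpnc1

# On a live pfSense shell the same check runs against the real table:
#   netstat -rn -f inet | egress_is_vpn ovpnc1 && echo "egress via VPN"
```

Run the live one-liner from the pfSense shell (or Diagnostics > Command Prompt) before and after changing the default gateway under System > Routing > Gateways; because pfSense manages the default route itself, change it there rather than with a manual `route` command from the shell. The same one-liner can be logged from a cron job so you can see which interface the default route pointed at when a scheduled pfBlockerNG or Snort update fired. The check only reports the default route's interface; it does not prove that a particular process actually used it.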
          Velcro

          I have managed to get my LAN traffic to go through the VPN; however, my default gateway is still my WAN. In earlier research I think this was advised...

          I currently use PIA... my wish list would be that all my downloads (pfBlocker lists... some are hourly), pfSense updates, and package updates including Snort rules (every day I think... could be weekly) be updated through the VPN.

          Is it a simple case of changing my default gateway to VPN?

          Your point about a "temporary" change, and prior experience with the initial setup, tell me it's a little more involved. I couldn't find specifics...

          Any help would be greatly appreciated.
          V

            Velcro

            I am still trying to find a good solution to secure my software updates (pfSense and packages) and "cron-like" events (Snort, pfBlocker rule/list updates).

            I get how a temporary change might be practical for software updates, but for "cron-like" events it likely won't work.

            Any suggested best practices or thoughts?

            Happy New year and thanks again for pfSense and the package work!!!

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.