Netgate Discussion Forum

    How do I VPN only 1 host device?

    • seitys

      Yeah, ignore what I wrote for that, because the source for NAT outbound only has "any," "This Firewall (self)," and "Network," so I wasn't sure what to put there. If I put 192.168.1.0 then my entire subnet would be redirected to the VPN, which is not what I want. I thought of creating a separate subnet, but I was hoping I didn't have to because I think that could get messy when changing configurations.

      Edit: I'm going to try

      Interface: OpenVPN, Source: any, Translation: Desktop () and leaving everything else blank.

      Edit 2: Okay, but I just thought about it. Even if I added that outbound NAT rule, it wouldn't fix anything, because it translates everything from my VPN to my 1 host and then it should go down the list, where it should translate everything else to my ISP WAN IP, but it doesn't do that.

    • kejianshi

        No - you need to have the ip of the desktop in there with a /32 behind it.  And it needs to be top of list.

        Interface: VPN, Source: 192.168.1.2/32, Destination: blank, Destination Port: blank

    • seitys

          Why 32? My entire subnet range is only 192.168.1.1 to 192.168.1.254.

    • kejianshi

            OK - here is the thing.

             There is actually no need to create firewall rules if you are using manual outbound NAT.

            You can just do it on manual outbound NAT.

            Seems like you have mixed together a couple of how-to docs…

             The reason you enter a /32 behind the desktop IP is because a /32 is one IP, whereas a /24 is 255.  256 if you count 0.

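The /32-versus-/24 point and the "top of list" point in the post above both come down to the same mechanism: pf evaluates a rule list top-down and applies the first match, and a source mask decides how many hosts a rule catches. The pfSense approach to sending a single LAN host out a VPN client is a LAN firewall rule for that host's /32 with its gateway set to the VPN gateway (which picks the egress interface), plus an outbound NAT rule on the OpenVPN interface for the same /32 (which picks the translation address). The toy model below, added here as an editor's example rather than pfSense code or anything posted in the thread, simulates that two-step decision so you can see what a /24 source or a wrongly ordered rule does. The interface names, gateway names ("VPN_GW", "WAN_GW") and the desktop address 192.168.1.2 are constructed for the example.

```python
"""Toy model of pf's first-match rule evaluation as pfSense uses it for
LAN firewall rules (choose gateway / egress interface) and for outbound
NAT rules (choose translation address). Constructed example; not pfSense
code. Interface, gateway and host names are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    interface: str   # interface the rule is attached to
    source: str      # source CIDR, or "any"
    action: str      # firewall rule: gateway name; NAT rule: translation address

    def matches(self, interface: str, src_ip: str) -> bool:
        if interface != self.interface:
            return False
        if self.source == "any":
            return True
        return ip_address(src_ip) in ip_network(self.source, strict=False)


def first_match(rules, interface: str, src_ip: str):
    """pf walks the list top-down and applies the first matching rule."""
    for rule in rules:
        if rule.matches(interface, src_ip):
            return rule.action
    return None  # no rule matched: no policy gateway / no translation


def address_count(cidr: str) -> int:
    """How many addresses a source mask covers (/32 = 1, /24 = 256)."""
    return ip_network(cidr, strict=False).num_addresses


# Constructed rule sets. 192.168.1.2 is the desktop that should use the VPN.
LAN_RULES = [
    Rule("LAN", "192.168.1.2/32", "VPN_GW"),  # policy-route only the desktop
    Rule("LAN", "192.168.1.0/24", "WAN_GW"),  # everyone else: normal default route
]
OUTBOUND_NAT = [
    Rule("OpenVPN", "192.168.1.2/32", "OpenVPN address"),  # /32 above anything broader
    Rule("WAN",     "192.168.1.0/24", "WAN address"),
]
GATEWAY_INTERFACE = {"VPN_GW": "OpenVPN", "WAN_GW": "WAN"}

# Same rules with the /24 placed first: the /32 rule below it can never match.
LAN_RULES_WRONG_ORDER = [
    Rule("LAN", "192.168.1.0/24", "VPN_GW"),  # whole subnet goes to the VPN ...
    Rule("LAN", "192.168.1.2/32", "WAN_GW"),  # ... so this rule is shadowed
]


def egress_and_translation(src_ip: str, lan_rules=LAN_RULES, nat_rules=OUTBOUND_NAT):
    """Which interface a LAN host leaves on, and what source address it gets."""
    gateway = first_match(lan_rules, "LAN", src_ip)
    egress = GATEWAY_INTERFACE[gateway]
    return egress, first_match(nat_rules, egress, src_ip)


if __name__ == "__main__":
    print("/32 covers", address_count("192.168.1.2/32"), "address;",
          "/24 covers", address_count("192.168.1.0/24"))
    for host in ("192.168.1.2", "192.168.1.50"):
        print(host, "->", egress_and_translation(host))
    print("wrong order, .50 ->", egress_and_translation("192.168.1.50", LAN_RULES_WRONG_ORDER))
```

Run it and the desktop comes out on the OpenVPN interface with the OpenVPN address while 192.168.1.50 stays on WAN; swap in the wrong-order list and every LAN host, including .50, is routed to the VPN because the /24 rule matches first. That is the same shadowing that happens in pfSense if a broader rule sits above the /32 one.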
    • seitys

              Interface: VPN, Source: 192.168.1.2/32, Destination: blank, Destination Port: blank, NAT Address: (my VPN address) NAT Port: blank

              I just added that rule and my entire network still defaults to the VPN instead of just my desktop.

    • kejianshi

                Can you post a pic of your outbound NAT and a pic of your LAN firewall rule?

    • seitys

                  http://i.imgur.com/pQFlQy0.png

                  http://i.imgur.com/6UHhYfz.png

                  How do you post images? I'm a newb at forum stuff.

    • kejianshi

                    May I see your alias for desktop also, please?

    • seitys

                      http://i.imgur.com/F3ZnsdP.png

    • kejianshi

                        In your outbound NAT, what is that 207 address?  Why doesn't that just say WAN?

    • seitys

                          It's my WAN IP. It says the actual IP instead of WAN because that is the default setting. If I were to remove it and add it again, it would show up as WAN, not the actual IP in numerical form. The only 3 choices in the translation section are interface IP, host alias and other subnet.

    • kejianshi

                            I'd make it WAN.

                            Then I would delete those first two firewall rules you added on the LAN where you modified the gateway.

                            Then try it.

    • seitys

                              Still the same result.

                              Why are the firewall rules and NAT outbound rules redundant?

                              From my understanding:

                              NAT rules translate my internal IP to an externally registered IP.

                              Firewall rules dictate what traffic can be allowed into my network.

                              Aren't those 2 different functions?

    • kejianshi

                                Perhaps this is a 2.2 weirdness.

    • seitys

                                  Okay, here is something.

                                  Before, every how-to guide mentioned the VPN as another gateway, but with the settings in the how-to stickied above, the gateway was always offline. BUT, if I remove "redirect-gateway def1" from the advanced setting when configuring the VPN, the gateway now shows as online.

                                  Now that I've done that, the opposite thing happens. Only some of the traffic is going through the VPN, but my desktop IP is not showing the VPN IP. And I'm not sure what traffic is going through the VPN, but it's much less than before.

    • kejianshi

                                    Are you opposed to posting your vpn config?

    • seitys

                                      http://i.imgur.com/t5R0NNB.png

                                      http://i.imgur.com/Lz20eYt.png

                                      Here's what I learned in the last 5 minutes.

                                      If I have the NAT outbound settings like before and I have the firewall settings as before (on the LAN interface), OR if I create a firewall rule to allow any traffic in on the VPN interface, then my traffic goes directly to the VPN. I tested it by running traceroutes to Google.

                                      However, my IP still doesn't show as my VPN IP.

                                      Edit: my last 2 posts on this forum logged my VPN IP, but for some reason, when I run whoer.net/ext, my VPN IP doesn't show up.

    • kejianshi

                                        You know…  Mine was set up really different than this.

                                        The server side was set up to tunnel all traffic across the VPN.

                                        The client side was set as remote access.

                                        There were no rules on the firewall set at all.

                                        And just a manual outbound NAT rule for the IP(s) I wanted tunneled.

    • seitys

                                          Was your setup the same as or similar to mine, i.e., using an external VPN service?

                                          Or were you connecting to another pfSense box running an OpenVPN server?

                                          Do you mind sharing your config?

    • kejianshi

                                            I set it up with another of my pfSense OpenVPN instances at the server side.
                                            I will pull up my VM that is set up this way, verify it's functioning correctly, and post something here.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.