Netgate Discussion Forum

How do I VPN only 1 host device?

OpenVPN
  • S
    seitys
    last edited by Oct 31, 2014, 3:26 AM Oct 31, 2014, 3:21 AM

    http://i.imgur.com/pQFlQy0.png

    http://i.imgur.com/6UHhYfz.png

    How do you post images? I'm a newb at forum stuff.

    • K
      kejianshi
      last edited by Oct 31, 2014, 3:33 AM

      May I see your alias for desktop also please?

      • S
        seitys
        last edited by Oct 31, 2014, 3:38 AM

        http://i.imgur.com/F3ZnsdP.png

        • K
          kejianshi
          last edited by Oct 31, 2014, 3:47 AM

          In your outbound NAT, what is that 207 address?  Why doesn't that just say WAN?

          • S
            seitys
            last edited by Oct 31, 2014, 3:51 AM

            It's my WAN IP. It says the actual IP instead of WAN because that is the default setting. If I were to remove it and add it again, it would show up as WAN, not the actual IP in numerical form. The only 3 choices in the translation section are interface IP, host alias and other subnet.

            • K
              kejianshi
              last edited by Oct 31, 2014, 3:54 AM

              I'd make it WAN.

              Then I would delete those first two firewall rules you added on the LAN where you modified the gateway.

              Then try it.

              • S
                seitys
                last edited by Oct 31, 2014, 4:00 AM

                Still the same result.

                Why are the firewall rules and NAT outbound rules redundant?

                From my understanding:

                NAT rules translate my internal IP to an externally registered IP.

                Firewall rules dictate what traffic can be allowed into my network.

                Aren't those 2 different functions?

                • K
                  kejianshi
                  last edited by Oct 31, 2014, 4:02 AM

                  Perhaps this is a 2.2 weirdness.

                  • S
                    seitys
                    last edited by Oct 31, 2014, 4:19 AM

                    Okay, here is something.

                    Before, every how-to guide mentioned the VPN as another gateway, but with the settings in the how-to stickied above, the gateway was always offline. BUT, if I remove "redirect-gateway def1" from the advanced setting when configuring the VPN, the gateway now shows as online.

                    Now that I've done that, the opposite thing happens. Only some of the traffic is going through the VPN but my desktop IP is not showing the VPN IP. And I'm not sure what traffic is going through the VPN but it's much less than before.

                    • K
                      kejianshi
                      last edited by Oct 31, 2014, 4:26 AM

                      Are you opposed to posting your VPN config?

                      • S
                        seitys
                        last edited by Oct 31, 2014, 4:41 AM Oct 31, 2014, 4:35 AM

                        http://i.imgur.com/t5R0NNB.png

                        http://i.imgur.com/Lz20eYt.png

                        Here's what I learned in the last 5 minutes.

                        If I have the NAT outbound settings like before and I have the firewall settings as before (on the LAN interface) OR if I create a firewall rule to allow any traffic in on the VPN interface, then my traffic goes directly to the VPN. I tested it by running trace routes to google.

                        However, my IP still doesn't show as my VPN IP.

                        Edit: my last 2 posts on this forum logged my VPN IP but for some reason, when I run whoer.net/ext, my VPN IP doesn't show up.

                        • K
                          kejianshi
                          last edited by Oct 31, 2014, 4:44 AM

                          You know…  Mine was set up really different than this.

                          The server side was set up to tunnel all traffic across the vpn.

                          The client side was set as remote access.

                          There were no rules on the firewall set at all.

                          And just a manual outbound NAT rule for the IP(s) I wanted tunneled.

                          • S
                            seitys
                            last edited by Oct 31, 2014, 4:52 AM

                            Was your setup the same or similar to mine, i.e. using an external VPN service?

                            Or were you connecting to another pfSense box running an OpenVPN server?

                            Do you mind sharing your config?

                            • K
                              kejianshi
                              last edited by Oct 31, 2014, 5:05 AM Oct 31, 2014, 4:59 AM

                              I set it up with another of my pfSense OpenVPN at the server side.
                              I will pull up my VM that is set up this way, verify it's functioning correctly and post something here.

                              • A
                                ambsace
                                last edited by Nov 3, 2014, 5:44 AM

                                Hi,

                                Been working with Seitys on the same problem at the /r/PFSENSE sub-reddit.

                                He mentioned that this appears to be a bug in the pfSense 2.2 beta. It's been solved for IPv4 traffic and they will probably get this working for IPv6 soon.

                                https://forum.pfsense.org/index.php?topic=80607.msg457724#msg457724
                                https://redmine.pfsense.org/issues/3760

                                Just thought I should update this thread.

                                • K
                                  kejianshi
                                  last edited by Nov 3, 2014, 6:52 AM

                                  Could be - I know there is a problem with replies going out over the same interfaces they come in on.
                                  I'm pretty excited about 2.2 once the bugs are worked out.
                                  A well threaded pfSense will make a huge difference.

                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.