VPN with non-default gateway
-
I'm attempting to set up a PIA VPN by using the AirVPN setup instructions at the following URL.
https://airvpn.org/topic/11245-how-to-set-up-pfsense-21-for-airvpn/
I got pretty much everything working how I want it except for the firewall default gateway rule. I have multiple interfaces and rules for each interface. When I change a firewall rule for a LAN interface from the 'default' gateway to "WAN_DHCP", it works for traffic that goes outside the firewall, but I can't use things internal to the firewall. So, for example:
I have an ssh rule from 10.0.112.5 to 10.0.110.3. When I set it to 'default', things work fine. If I change it to "WAN_DHCP", I can no longer ssh from 112.5 to 110.3.
How bad is it if you don't set the gateway away from default?
-
Perhaps start by reading this: https://forum.pfsense.org/index.php?topic=76015.0
-
Thanks for the information. I saw that and kind of flip-flopped between the two instructions. I think what's happening is that when I choose the "WAN_DHCP" gateway, it routes it out of the WAN_DHCP gateway... which is fine... but when it's an internal machine, if it goes out the WAN_DHCP gateway, then I would have to add a firewall rule to allow it from the WAN address instead of the subnet to subnet address.
With it selected to 'default', I get the impression that pfSense just routes it from one subnet to another, without going out of the WAN interface.
-
https://doc.pfsense.org/index.php/Bypassing_Policy_Routing
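
The behaviour discussed in this thread, as an added example that is not part of any post and is not pfSense code: a small model of first-match rule evaluation in which a rule with a gateway set forces matching traffic to that gateway, and a 'default'-gateway rule placed above it lets inter-subnet traffic follow the routing table. The /24 masks, the interface names `LAN110`/`LAN112`, and the `Rule`/`egress` names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    src: str      # source CIDR
    dst: str      # destination CIDR, or "any"
    gateway: str  # "default" = use the routing table; otherwise policy-route

# Constructed: directly connected subnets (masks and names are assumed)
LOCAL_NETS = {"10.0.110.0/24": "LAN110", "10.0.112.0/24": "LAN112"}

def _match(cidr, ip):
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def egress(rules, src, dst):
    """Return where the first matching pass rule sends the packet."""
    for r in rules:
        if _match(r.src, src) and _match(r.dst, dst):
            if r.gateway != "default":
                # Policy routing: the routing table is not consulted
                return r.gateway
            for net, ifname in LOCAL_NETS.items():
                if _match(net, dst):
                    return ifname      # delivered subnet to subnet
            return "default route"
    return "blocked"                   # no pass rule matched

# One catch-all rule with the gateway set, as in the first post
policy_only = [Rule("10.0.112.0/24", "any", "WAN_DHCP")]

# Same rule, with a 'default'-gateway rule for the internal subnet above it
with_bypass = [Rule("10.0.112.0/24", "10.0.110.0/24", "default")] + policy_only

if __name__ == "__main__":
    for name, rules in (("policy_only", policy_only), ("with_bypass", with_bypass)):
        print(name, "ssh 10.0.112.5 -> 10.0.110.3:",
              egress(rules, "10.0.112.5", "10.0.110.3"))
        # 198.51.100.7 is a documentation address standing in for an external host
        print(name, "10.0.112.5 -> 198.51.100.7:",
              egress(rules, "10.0.112.5", "198.51.100.7"))
```

Rule order matters here: the internal rule only takes effect because it is evaluated before the catch-all rule that sets the gateway.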