Netgate Discussion Forum

    How to let ONLY ONE interface use VPN?

    OpenVPN
      pfBasic Banned

      @Derelict:

      It is usually better to route the traffic you want to go over the VPN over the VPN, not route the traffic you don't the other way.

      I would prefer that as well. The guide that I used to configure my VPN on pfsense just routes everything through the VPN.

        pfBasic Banned

        @Derelict:

        Be more specific. What error? Exactly what are you trying to connect to from where?

        On the "networkGUEST" interface there is a Wifi AP. I'm just testing connectivity using a laptop connected to that wifi network by going to websites and checking to see if programs are able to use the internet (i.e. cloud programs, AV, etc.).

          Derelict LAYER 8 Netgate

          I tried enabling don't pull routes. That kills the internet on both of my interfaces. It gives an identical "too long to respond" error on both interfaces.

          No idea what you've done then. Your WAN_GW should be marked as the default gateway. Disabling redirect gateway on the VPN client should not impact WAN at all.

          Love these internet walkthroughs.

          Learn how to troubleshoot exactly what is broken using ping, dig/drill, telnet, etc. If you can identify exactly what is failing, maybe there's a chance at getting some forum help.

          https://doc.pfsense.org/index.php/Connectivity_Troubleshooting

          Oh, and again, there's a hangout on Connectivity Troubleshooting too: https://portal.pfsense.org/webcasts/index.php?video=172174964

          Wired, wireless, doesn't matter. Those aren't specifics.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            pfBasic Banned

            WAN Gateway is marked as default.

            I don't have a membership for that video.

              Derelict LAYER 8 Netgate

              Maybe that should be remedied. They really do cover everything you're trying to do.

                pfBasic Banned

                I have posted a Bounty for this https://forum.pfsense.org/index.php?topic=120371.msg665710#msg665710, so I'm willing to pay for the solution. But would prefer to pay someone that can remedy my problem specifically, instead of paying for access to a video that may or may not help solve my specific problem.

                If you're willing let me know what you feel a reasonable price is and I would be happy to open up a TeamViewer screenshare for you or provide you screenshots of whatever you like to solve the problem (if I can afford you).

                  pfBasic Banned

                  Any takers?

                    pfBasic Banned

                    I've now got policy based routing kind of working.

                    I turned on don't pull routes and put a pass any rule at the top of my rules on LAN that selects the VPN interface, that successfully has the internet working and using the VPN IP, but now my DNS is leaking. Not really a big deal to me but I don't know why? I've entered my VPN provider's DNS Servers both in general setup for the VPN Interface and under the DHCP servers. But now dnsleaktest shows my ISP DNS, why?

                    But my other interface (Guest interface) that I don't want to access the VPN still doesn't work. Regardless of whether I set an allow any rule at the top of the rules for default gateway (WAN) or explicitly set it as WAN.
                    Changing the LAN rule to use the WAN gateway also breaks the internet on that interface.

                    Both gateways are showing UP.

                    What's going on, again I'm willing to pay a reasonable bounty for this. I just want it fixed and not be dealing with it anymore.

                    Can open up a TeamViewer screenshare to make it quick and easy for you.

                      pfBasic Banned

                      I tried forcing the PIA DNS that my configuration was using without policy based routing by specifying those servers in the DHCP static configuration for a client computer per this thread https://forum.pfsense.org/index.php?topic=92981.0, but that just doesn't resolve at all anymore.

                        pfBasic Banned

                        I went through all of the checks listed on the suggested connectivity troubleshooting page https://doc.pfsense.org/index.php/Connectivity_Troubleshooting, both with policy routing and without. Everything works either way, but I still can't pull up any websites on the Guest interface.

                          pfBasic Banned

                          Fixed it, I had an old firewall rule from something I was experimenting with that was messing it all up. Works great as you suggested I configure it, thank you!

                          If anyone's interested I was able to figure out the DNS leak issue and patch it by reading this thread: https://forum.pfsense.org/index.php?topic=66305.15
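
An added illustration of the thread's final diagnosis, not code from any poster or from pfSense: interface rules are evaluated top-down and the first match decides, so a leftover rule above the intended one overrides it. The subnets, rule descriptions and the `VPN_GW` name are constructed assumptions; the thread does not say what the stale rule actually was.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    iface: str    # interface tab the rule lives on
    action: str   # "pass" or "block"
    src: str      # source network, CIDR
    gateway: str  # "default" = routing table (WAN_GW here), else policy route
    descr: str

def first_match(rules, iface, src_ip):
    """First rule on this interface whose source matches; None = implicit deny."""
    for rule in rules:
        if rule.iface == iface and ip_address(src_ip) in ip_network(rule.src):
            return rule
    return None

def egress(rules, iface, src_ip):
    """Gateway the packet leaves through, or 'dropped'."""
    rule = first_match(rules, iface, src_ip)
    if rule is None or rule.action == "block":
        return "dropped"
    return rule.gateway

def shadowed_by(rules, iface, src_ip, wanted_descr):
    """Descriptions of rules above the intended one that match first."""
    hits = []
    for rule in rules:
        if rule.descr == wanted_descr:
            break
        if first_match([rule], iface, src_ip) is not None:
            hits.append(rule.descr)
    return hits

# Constructed rule set: all values are assumptions, not taken from the thread.
STALE = Rule("GUEST", "block", "192.168.20.0/24", "default", "old experiment")
RULES = [
    Rule("LAN", "pass", "192.168.1.0/24", "VPN_GW", "LAN via VPN"),
    STALE,
    Rule("GUEST", "pass", "192.168.20.0/24", "default", "GUEST via WAN"),
]
FIXED = [r for r in RULES if r is not STALE]

if __name__ == "__main__":
    for name, rules in (("before", RULES), ("after", FIXED)):
        print(name, egress(rules, "LAN", "192.168.1.10"),
              egress(rules, "GUEST", "192.168.20.10"),
              shadowed_by(rules, "GUEST", "192.168.20.10", "GUEST via WAN"))
```

With the stale rule in place the gateways still show up and LAN still exits through the VPN, while GUEST traffic is dropped before the intended pass rule is ever reached.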
