I don't want to load balance or fail over, I need 2 WANs independent.
-
Just policy route the traffic you want to a specific WAN gateway instead of a failover/load balance gateway group.
-
Thank you for your reply. How would I go about it? The most I've done in pfSense was to follow a tutorial for setting up a VPN service.
-
Countless examples here for policy routing. Please search first.
https://doc.pfsense.org/index.php/What_is_policy_routing
-
If you have 3 NICs on your pfSense box, then why do you need more?
- DSL
- SAT
- LAN
Set up DSL and SAT in interfaces, then inside your firewall rulebase create rules for things like FTP, and in one of the advanced dropdown boxes you can select the WAN interface the traffic needs to be routed out of.
As Derelict said, it's literally routing selection within the policy (same principle but different nomenclature to things like Cisco PBR).
-
On watching several videos and reading some more about it, I have decided to let pfSense handle both WANs. I was looking for the easy way out, keeping a router as my DSL hookup, because it is very easy to set up the OpenVPN that way (I feel ashamed). I will take the time to learn and to use pfSense to handle both my VPN and my unencrypted satellite connects, then pass them into a wireless router configured as an access point to distribute to my house all the APs in it. One thing I really want to learn about is how to set up a VPN kill switch in pfSense and have it NOT re-route my traffic to satellite if the VPN goes down. Instead, have it wait until the VPN is restored.
I have books ordered and have been watching videos, but the most info I got was searching this forum, and I am still unsure how to go about it exactly. I have been reading in particular this post by Derelict:
https://forum.pfsense.org/index.php?topic=84463.msg463226#msg463226
What I am unsure of is how to keep the requests from seeing that the VPN is blocked then just using my other unencrypted WAN instead.
Thanks
-
Search NO_WAN_EGRESS in the search box above.
Actually, that appears to only search recent posts. Use search in the menu bar.
You basically tag traffic that should go out the VPN as such and block it if it is going out a WAN interface in-the-clear. Best way, IMHO.
-
Thanks Derelict, please continue to help me, I am learning.
I need to know how to set up DNS for one WAN (DSL VPN) but not have it affect the other (satellite non-VPN, get the provider's DNS automatically). The videos I have been watching either assume that I have one WAN or am trying to load balance. I have searched this forum but do not seem able to find this information.
-
No idea what you're talking about.
DNS queries are done by a client, not a firewall. You will have to be more clear about what you are looking to accomplish.
Are you trying to circumvent snooper's charter?
Trying to avoid DNS geolocation for video streaming?
??
It's a lot easier to give you advice if you are not being cagey about what it is you are trying to do.
-
Yes, I stream. But I also don't want geolocation at all because the DSL is my family's connection.
In the videos to set up my VPN it says to enter the DNS on the System > General Setup page, but if I do that from there, won't that be setting it for both WANs?
-
Still not close to enough information.
DNS is generally done by the clients. If a client is configured to use internet DNS servers and all internet traffic is forced out the VPN then all queries will appear to be sourced from the VPN.
There are about 1000 different ways to configure a network. You are going to have to be more specific about what you want to do.
-
I think that you misunderstood. I am not trying to force ALL traffic to use the VPN, just browsing and basic services I want routed to the VPN, both http and https especially, and my daughters' games and Netflix.
Everything else must go out on the unencrypted satellite connection.
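
The approach discussed in this thread (policy-route selected traffic to a specific gateway, tag what belongs on the VPN, and block tagged traffic on any clear-text WAN), written out as raw pf rules. This is an added example, not part of any post above and not pfSense's generated ruleset; every interface name, address and gateway is constructed, and only the tag name NO_WAN_EGRESS comes from the thread.

```pf
# Constructed values: interfaces, subnets and gateways are assumptions.
lan_if  = "igb2"
dsl_if  = "igb0"        # DSL WAN; the encrypted VPN tunnel rides on this link
sat_if  = "igb1"        # satellite WAN, unencrypted
vpn_if  = "ovpnc1"      # OpenVPN client interface
vpn_gw  = "10.8.0.1"
sat_gw  = "192.0.2.1"
lan_net = "192.168.1.0/24"

# Kill switch. Tagged traffic may leave only through the tunnel interface.
# If the VPN is down and the packet ends up on a physical WAN, it is dropped
# here instead of going out in the clear. The tunnel's own encapsulated
# packets originate on the firewall, carry no tag, and are not affected.
block out quick on { $dsl_if $sat_if } tagged NO_WAN_EGRESS

# Traffic addressed to the firewall itself (for example a local resolver)
# must match before the policy-routing rules, or it would be sent to a WAN.
pass in quick on $lan_if inet from $lan_net to ($lan_if) keep state

# HTTP and HTTPS: route to the VPN gateway and tag on ingress. The tag is
# set here, on the LAN side, so it applies whatever path the packet takes.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet proto tcp \
    from $lan_net to any port { 80 443 } tag NO_WAN_EGRESS keep state

# Everything else from the LAN: out the satellite gateway, untagged.
pass in quick on $lan_if route-to ($sat_if $sat_gw) inet \
    from $lan_net to any keep state
```

Because the rules use `quick`, order matters: the block and the firewall-destined pass must come before the two policy-routing rules.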