Netgate Discussion Forum

    Help please? Home openvpn, 1 pc needs to go through vpn, others wan

      Spectrum48k

      Hi Guys, I thought I had everything working but for some strange reason, the box stopped being able to resolve DNS for some reason.

      I've now got a clean install of pfSense 2.4.1
      All I've done is run through the wizard and it connects to my ISP fine
      1x WAN port, 1x LAN port
      The box offers DHCP to the LAN, 192.168.1.100-199
      I've set up a CA for my openvpn provider
      I've added the OpenVPN client, which connects successfully
      I've added the OPT1 interface, which points to the OpenVPN client

      Can someone explain the steps from here so that only the PC 192.168.1.10 goes through the OpenVPN?

      Whatever I did in the past cocked up DNS resolution.

      Thanks in advance

      pfSense 2.4.1
      Intel Atom E3845 Quad Core 1.9GHz AES-NI
      Intel Gigabit Ethernet x4
      pico-ITX form factor
      16GB mSATA
      2GB DDR3L

        viragomann

        Presumably you have added a firewall rule for the PC 192.168.1.10, allowing access to any over the VPN gateway.
        And your PC is configured to use pfSense for DNS, which isn't possible over the VPN gateway.

        You either have to also allow DNS and DHCP (if applicable) (or any) access from the PC to pfSense, or set the PC to use an external DNS.
        The first way will cause DNS leaks; the second will avoid them.

          Spectrum48k

          So far I haven't added any additional NAT or FIREWALL rules from the above.

          Firewall > NAT > Outbound

          1. Switch from auto to manual
          2. Add rule:

             interface: OPT1
             source: 192.168.1.0/24
             description: LAN > OpenVPN

          Firewall > Rules

          1. Add new rule, place it at the top
             • 192.168.1.10 * * * OPT1
          2. Alter existing LAN to ANY rule to specify gateway
             • LAN net * * * WAN

            viragomann

            @Spectrum48k:

            2. Alter existing LAN to ANY rule to specify gateway

            • LAN net * * * WAN

            This rule will only allow upstream traffic, since you have specified the WAN-GW. It will not allow access to pfSense for DNS or DHCP. Don't know if you need that.
            Otherwise, go to the VPN client settings and check "Don't pull routes" to prevent setting the default route to the VPN gateway and withdraw the LAN net to any rule.

              bcruze

              Firewall > Rules > LAN

              Add the IP of the devices to the list, then under the settings change the gateway to WAN_dhcp.

              This is how I allow Netflix to play on my TV while the rest of the network is under PIA VPN.

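
Added example, not part of any post in the thread and not pfSense code: a simplified Python model of first-match LAN rule evaluation using the two rules from the thread, showing viragomann's point that a rule with a gateway set keeps the client's DNS queries from reaching pfSense itself. The firewall LAN address 192.168.1.1, the external resolver 203.0.113.53 and the extra DNS pass rule are assumptions, not values given in the thread.

```python
from ipaddress import ip_address, ip_network

FIREWALL_LAN_IP = ip_address("192.168.1.1")  # assumed; the thread does not state it


def rule(src, dst="any", port=None, gateway=None):
    return {"src": ip_network(src), "dst": dst, "port": port, "gateway": gateway}


# The two LAN rules from the thread, in order (first match wins).
THREAD_RULES = [
    rule("192.168.1.10/32", gateway="OPT1"),  # 192.168.1.10 * * * OPT1
    rule("192.168.1.0/24", gateway="WAN"),    # LAN net * * * WAN
]
# Hypothetical pass rule with no gateway, meant to sit above the policy rules.
DNS_TO_FIREWALL = rule("192.168.1.10/32", dst=str(FIREWALL_LAN_IP), port=53)


def evaluate(rules, src, dst, port):
    """Return where the first matching rule sends a packet arriving on LAN."""
    src, dst = ip_address(src), ip_address(dst)
    for r in rules:
        if src not in r["src"]:
            continue
        if r["dst"] != "any" and dst != ip_address(r["dst"]):
            continue
        if r["port"] is not None and port != r["port"]:
            continue
        if r["gateway"]:
            # Policy routing: forced out that gateway, even when the
            # destination is the firewall's own LAN address.
            return "forced to " + r["gateway"]
        return "local" if dst == FIREWALL_LAN_IP else "routing table"
    return "blocked"  # nothing matched: default deny


def dns_path(rules, client, resolver):
    """Describe what happens to a DNS query from client to resolver."""
    verdict = evaluate(rules, client, resolver, 53)
    if ip_address(resolver) == FIREWALL_LAN_IP:
        if verdict == "local":
            # The thread calls this option the one that causes DNS leaks.
            return "answered by pfSense (DNS leak risk per the thread)"
        return "never reaches pfSense (" + verdict + ")"
    return verdict


if __name__ == "__main__":
    print(dns_path(THREAD_RULES, "192.168.1.10", "192.168.1.1"))
    print(dns_path([DNS_TO_FIREWALL] + THREAD_RULES, "192.168.1.10", "192.168.1.1"))
    print(dns_path(THREAD_RULES, "192.168.1.10", "203.0.113.53"))
```

The three printed cases correspond to the broken state described in the thread and the two options viragomann lists: allowing DNS to pfSense, or pointing the PC at an external DNS server that is then reached through OPT1.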