Want to Block 1IP from using Internet when VPN goes down

Derelict

The only rules you have routing out to WAN_PPPOE are from Games_Consoles

I suggest starting over with a default configuration and doing one thing at a time, getting that working, then doing one more thing, getting that working, etc.

comet424

thats correct... Game consoles goes out the WAN PPPOE

then the 192.168.0.11 Uses VPN Tag No WAN EEEGREES
then LAN net * * * * * next is using the Default Internat WAN_PPPOE becuse VPN is down

right now internet is totally disabled
even if you put the Default LAN allow lan rule to the top internet is disabled even after a reboot... so i not sure what happened in this config.. if it corrupted or something that its using the Default Internet but yet its blocking it at the same time which is the PPP0E

but guess ill go back to yesterdays config.. which is what you saw earlier screen shots when you told me to do the Tag Egress... thats the default we started with today which was working... and after i did what you told me and i then turned off VPN no internet works.. so thats frustrating

but ill try again tommorow as i tired... i appreciate the help so far

Derelict

Then you did not do what I said because what I said would have only impacted traffic from that single host.

comet424

yes i did what you said
like i said it was working When I turned off VPN disabled it the 192.168.0.11 lost internet
but trying to reactivate it... wouldnt work
and then my entire internet was lost...
as you can see i moved Lan Net to the top so it bypass's VPN you see it says its accessing internet yet nothing on the entire network has internet... its like its disabled but only thing i changed was the adding of the policy of Float and the Tag to the specific IP address

like i said
it was working then i disabled OpenVPN Client so i could see that 192.168.0.11 lost internet... i then tried reactivating my NordVPN client wasnt able to..

i now lost entire internet as it usually just skips the vpn and i uually use the WAN interface... but it isnt doing that... and i cant reconnect

but if i roll back to the day before the one i started with... VPN can log in.. i switch back to what we did its like the WAN connection is blocked on the network
i have had this kinda issue 3 times out out of the entire year since jan 2018 i noticed...
if i send the config file you able to see what its blocking?
but here is the rules

no internet2.JPG no internet1.JPG

comet424

so here you seen i grayed out all the rules.. and i created a new rule.. you see i have internet traffic but im block no internet.. yet it shows i i should be getting internet..

as you see in the gateway.. I am connected to the internet fine as i get a gateway but i have 100 percent loss... so where in rules is it blocking 100%
no internet4.JPG no internet3.JPG

Derelict

Your PPPoE is offline. Where is the traffic supposed to go?

comet424

ugh ill post picture.. like i said its nto offline
its up and you see 10.11.13.49 gateway monitor is 10.11.13.49
so its up but just a sec ill get you a photo
thats why i ask where else could it be blocking?

Derelict

Post the routing table from Diagnostics > Routes.

comet424

if i upload the config file is there an editor for you or diagnostic program to see whats wrong?
as reboots dont help
no internet7.JPG no internet6.JPG no internet5.JPG

sorry takes a bit to send back pics
as i restore the few days ago config to send you the pics but load up the config file we worked on in this topic and it just glitched or something and i wanna be able to figure it out incase it has happened again.. as its happened in 2 other times last year but all i did was format and started over... but since i have bunch of stuff setup i dont wanna format.. i wanna find out what went wrong

comet424

could it be because i use a gaming computer motherboard and non ECC ram... and while it was doing a save it saved a corrupt setting to block the internet..
as i always hear you want ECC ram for a server is it possible .. as i was looking at 1U Server supermicro but at 1200 + just to make pfsesne... my gaming computer under 500 was cheaper way

comet424

ok found the problem well kinda...
That Floating No WAN Egress is being applied when its not supposed to be called

and i tried scrolling up but i cant see the settings you told me but this is what i have.. ...

so even though no TAG is being called on any of the rules other then the 2 for 192.168.0.11

its like the rules are calling Tag No Wan Egress by default and not when its supposed to

floating 3.JPG floating 2.JPG Floating 1.JPG

comet424

here is that default lan settings... even though the tag is blank its still calling that floating no wan egress because if i un disable no wan egress tag under floating
internet is blocked
its like its being called hidden in the background

comet424

here is the one ip rule that calls the tag that should only be called when vpn is down but seems to being called whenever it wants to

comet424

so what i found is
if i reactivate the Floating Rule No Wan EGRESS
internet works fine..

but if i Do a reboot of Pfsense.. then that No Wan Egresss gets automaticlly loaded by default then blocks internet

then when i Disable Floating Rule
i get the internet back

then if i enable it internet seems to work fine and when i set to run VPN and then choose to disable VPN and restart it.. WAN is now 100% packet loss again
so i re disabled the Floating Wan Egress

it seems it loads it up like a windows service without being asked to... is there another setting to set so it doesnt do that?

maybe something i didnt check off

Derelict

Again, my suggestion is to save a backup copy of your current config and reset to defaults and start over. I really have no idea what you put where to break this and these screen captures of irrelevant data are solving nothing.

But before you do that, just put a LEGIBLE copy of /tmp/rules.debug in a chat to me please.

Diagnostics > Command Prompt

Execute cat /tmp/rules.debug

Copy / paste.
Thanks.

comet424

ugh
well i gave you screen shots of
-Tag No Wan Egress you told me to type
-LAN Net Default of Pfsense
-NordVPN 192.168.0.11 with TAG No Wan Egress

i was showing you each break down to show you that the Tag No Wan Egreess and i didnt do anything wrong..
and was showing you that No Wan Egress Tag gets loaded automaticlly not just when its supposed to

but ugh reset defaults then i gotta do all the Static Ip renamings i have too didnt wanna reset.. i wanted to fix this why

but ok ill get you the copy just a moment.. just frustrated

comet424

well you cant post rules its considered spam by your spam program forum.. i attached a text file of it hope it worksrules.txt

comet424

i didnt un gray the floating no wan egress so i dont know if that rule will show up

comet424

here is rules 2.. I enabled Floating No Wan Egress and re ran that debug cat thing you told me to do... hopefully you find my error as your smarter then me at this stuff

rules2.txt

comet424

so 5 min after i enabled the No Wan Egreess Tag under floating options to do the rules2 for you

i lost internet to 100 percent loss

so its still loading it some how