best way to NOT route work traffic through pfsense and ProtonVPN
-
I work in IT but not in networking. This was my home project. I have everything working more or less, but it is a pain now to have work traffic (I'm now WFH) route through a ProtonVPN server. Setup is CableModem-->pfsense --> wifi router (set to not act as DHCP server). I can't watch Netflix or Hulu yet but my heart is not broken. My biggest issue is finding the BEST way to connect to work. There are a lot of different answers. I work for a very large company, and since I work in IT there is usually a lot of data going back and forth, somehow even if I use my VDI. I have read the suggestions, I just don't want to break my home network right now (that would be very, very bad) but I do need to speed things up a bit.
Can someone point me in the right direction?
-
@socks said in best way to NOT route work traffic through pfsense and ProtonVPN:
Can someone point me in the right direction?
Thata way ---->
Many companies use VPNs to allow remote access. You need to find out what yours does and use it. I've never seen a company use anything other than IPSec. Various companies, such as Cisco, Adtran and others provide their own VPN software, but it's all IPSec underneath. The employer often includes the necessary software on employee computers.
You need to talk to the other IT guy, the one that does networks, to find out what's needed. PfSense supports IPSec clients, as well as OpenVPN.
-
So do I make an exception for IPSec traffic?
I want to make sure I'm not using MY VPN when connecting to "work . com" and all IPs associated with it because that is just doubling up and mucking things up, even when using my VDI.
I know what's installed on my work computer. What I'd like to do is seamlessly connect to work from any system and let pfsense handle whether or not to route it through protonVPN.
-
Do you know what your company requires? Until you know that, you can't do anything. Do you have a work computer at home that has a VPN installed? If so, then just filter on that computer or its traffic. For example, you could configure the DHCP server to map that computer to a specific IP address, which is then used for filtering. You could filter on the destination address. You could filter on the protocol. It's entirely up to you, but you need to know what you're working with. If you want to connect from any system, then you need to get the VPN config info from your employer's network admin.
-
https://www.techhelpguides.com/2017/06/12/ultimate-pfsense-openvpn-guide/
I do this. I have the DHCP addresses (the alias is called DHCP), 192.168.1.100-192.168.1.115, go out the WAN, bypassing your VPN.
Then create aliases and have them go out the Proton network. That link will help you do that exactly.
-
@JKnott thanks, I think I get it now. I was trying to see how far I could get without asking for "help" from workmates, but this is more of an information request.
-
@bcruze thanks - I'll look into this as well.
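-
Added example (not part of any post in the thread, and not pfSense's own code): a small Python model of first-match policy routing that lets you dry-run the three filtering options mentioned above (source host alias, destination, protocol) before touching the firewall. The gateway names `WAN_DHCP` and `PROTON_VPN` and the `WORK_NETS` network are assumptions; only the DHCP alias range comes from the thread.

```python
import ipaddress
from dataclasses import dataclass

def ip_range(first, last):
    """Expand an inclusive address range (as typed into an alias) to networks."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return list(ipaddress.summarize_address_range(lo, hi))

# The DHCP range is the one quoted in the thread. WORK_NETS is a constructed
# placeholder (documentation range), not a real employer network.
ALIASES = {
    "DHCP": ip_range("192.168.1.100", "192.168.1.115"),
    "WORK_NETS": [ipaddress.ip_network("203.0.113.0/24")],
    "any": [ipaddress.ip_network("0.0.0.0/0")],
}

@dataclass
class Rule:
    src: str        # alias name matched against the source address
    dst: str        # alias name matched against the destination address
    proto: str      # "any", "tcp", "udp" or "esp"
    ports: tuple    # destination ports; empty tuple means any port
    gateway: str    # hypothetical gateway names: "WAN_DHCP", "PROTON_VPN"

# Evaluated top to bottom, first match wins, so the catch-all VPN rule is last.
RULES = [
    Rule("DHCP", "any", "any", (), "WAN_DHCP"),          # filter on source host
    Rule("any", "WORK_NETS", "any", (), "WAN_DHCP"),     # filter on destination
    Rule("any", "any", "udp", (500, 4500), "WAN_DHCP"),  # IPsec IKE and NAT-T
    Rule("any", "any", "esp", (), "WAN_DHCP"),           # IPsec ESP
    Rule("any", "any", "any", (), "PROTON_VPN"),         # everything else
]

def in_alias(addr, alias):
    return any(ipaddress.ip_address(addr) in net for net in ALIASES[alias])

def select_gateway(src, dst, proto="tcp", port=None, rules=RULES):
    """Return the gateway of the first rule that matches the packet."""
    for r in rules:
        if not (in_alias(src, r.src) and in_alias(dst, r.dst)):
            continue
        if r.proto not in ("any", proto) or (r.ports and port not in r.ports):
            continue
        return r.gateway
    return None  # no rule matched: the packet would not be passed

if __name__ == "__main__":
    for src in ("192.168.1.101", "192.168.1.116"):  # inside / outside the alias
        print(src, "->", select_gateway(src, "198.51.100.7", "tcp", 443))
```

Swapping the catch-all rule to the top of `RULES` sends every packet to `PROTON_VPN`, which is the ordering mistake to check for when the bypass appears not to work.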