pfSense using VPN gateway instead of WAN
-
I was trying to resolve an issue where certain Google devices would show no internet since they hardcode their own DNS into the device. So I set up a transparent DNS proxy to redirect any port 53 request to go through my DNS filter. I couldn't figure out why I kept getting blocked (the DNS provider's block IP address), then found out that pfSense was going through my VPN instead (any IP address not registered with the DNS filter provider goes to the block page). When I turn off the VPN it goes through my WAN. Is there a route or setting I need to check to make pfSense only go through WAN and not my VPN?
WAN is set up as the default gateway.
VPN is Private Internet Access with an interface and gateway to force clients to go through the VPN, with a no-egress floating rule.
-
What is your outbound NAT rule for your VPN? Is it restrictive enough that this traffic should be rejected and go out your default?
-
It is outbound for the whole subnet. I tried changing the order to before and after the WAN, and even disabling it altogether, with no luck. With that outbound NAT rule disabled, that subnet isn't able to go out the VPN, but pfSense still goes out the VPN for some reason, even after resetting states and restarting.
-
@its_maek Just a shot in the dark here, but I had similar issues that were possibly related... Have you ever used service watchdog? If so, check if there are any watchdogs running for VPNs that no longer exist.
-
@Lanna, thanks for the advice. I tried that but it wasn't it.
After digging around for almost a month, I found the issue!
The VPN server from Private Internet Access (PIA) creates a route 0.0.0.0/1 when the interface is created. In the OpenVPN client I had to select "Don't pull routes" and it no longer creates that route. pfSense 127.0.0.1 now properly goes through the default gateway.
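The check that would have found this in minutes, as an added example that is not part of the thread: a pushed 0.0.0.0/1 route (OpenVPN's redirect-gateway def1 behaviour pushes 0.0.0.0/1 and 128.0.0.0/1 together) does not replace the 0.0.0.0/0 default route, it sits beside it and wins by longest-prefix match, so Diagnostics > Routes still shows the WAN default while all host-originated traffic leaves via the tunnel. The script below scans FreeBSD `netstat -rn -f inet` output for those two half-default entries. The routing table text is a constructed sample; the gateway addresses and the `em0`/`ovpnc1` interface names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Detects OpenVPN "half-default" routes
# (0.0.0.0/1 and 128.0.0.0/1) that override 0.0.0.0/0 without replacing it.
# Input format is FreeBSD/pfSense `netstat -rn -f inet`; the samples below are
# constructed so the check runs offline (addresses and interface names are
# hypothetical).

# Routing table while the PIA client is pulling routes: the WAN default is still
# present, but the two /1 routes via the tunnel gateway beat it on prefix length.
SAMPLE_ROUTES='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
0.0.0.0/1          10.8.0.1           UGS      ovpnc1
10.8.0.0/24        link#7             U        ovpnc1
127.0.0.1          link#3             UH          lo0
128.0.0.0/1        10.8.0.1           UGS      ovpnc1
192.168.1.0/24     link#1             U           em1
203.0.113.0/24     link#1             U           em0'

# Same table after enabling "Don't pull routes" (OpenVPN route-nopull):
# only the tunnel subnet remains, and the WAN default is the only default.
CLEAN_ROUTES='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
10.8.0.0/24        link#7             U        ovpnc1
127.0.0.1          link#3             UH          lo0
192.168.1.0/24     link#1             U           em1
203.0.113.0/24     link#1             U           em0'

# Print "<destination> <gateway> <netif>" for every /1 route in the table text
# passed as $1. A /1 covers half the IPv4 space, so it always wins over /0.
find_half_default_routes() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^(0\.0\.0\.0|128\.0\.0\.0)\/1$/ { print $1, $2, $4 }'
}

# Number of /1 routes in the table text passed as $1 (0 when the default is intact).
count_half_default_routes() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^(0\.0\.0\.0|128\.0\.0\.0)\/1$/ { n++ } END { print n + 0 }'
}

# Exit 0 when the default route is being overridden by /1 routes, 1 otherwise.
default_route_is_hijacked() {
    [ "$(count_half_default_routes "$1")" -gt 0 ]
}

# Report for the "before" table: lists both /1 routes and the interface they use.
if default_route_is_hijacked "$SAMPLE_ROUTES"; then
    echo "default route overridden by:"
    find_half_default_routes "$SAMPLE_ROUTES"
fi
```

On a live firewall, replace the sample with `netstat -rn -f inet` output (for example `count_half_default_routes "$(netstat -rn -f inet)"`). Any non-zero count means the VPN is capturing the firewall's own traffic regardless of which gateway is marked default; after "Don't pull routes" is set and the client reconnected, the count should drop to zero while policy-routing rules for the LAN continue to push client traffic into the tunnel.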