    Bypass the vpn for specific server

      A Former User last edited by

      Hey Guys,

      I have a pfSense network with Private Internet Access running and all my traffic running through the VPN (so if the VPN goes down the network goes down; this is how I want it). What I want to do now is set up DuckDNS for a specific server and port, but I want that server to be routed through my WAN and not through the VPN. I'm lost as to what rules to put in place to allow this.

      I've tried to set up policy routing in my LAN firewall rules like in my screenshot.

      I've also set the gateway in the advanced options to my WAN IP.

      Any ideas?

      Thanks!

        gjaltemba last edited by

        On my setup, I would add an Outbound NAT for the WAN interface mapping source IP and port.

          Derelict LAYER 8 Netgate last edited by

          Destination WAN net is not the internet. Destination any is the internet.

          Just put a rule ABOVE the rule that policy routes that network to the VPN.

          Set the source to the host you want to route normally.

          Set the gateway on that rule to none (default).

          Chattanooga, Tennessee, USA
          The pfSense Book is free of charge!
          DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)
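
The rule order described in the reply above, modelled as an added example (not part of the original thread and not pfSense code). It assumes first-match evaluation of the LAN rules and a default route that points at WAN; all addresses and the gateway names `VPN_GW` and `WAN_GW` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network
ANY = net("0.0.0.0/0")
LAN = net("192.168.1.0/24")        # constructed LAN subnet
SERVER = net("192.168.1.50/32")    # constructed address of the bypass host
WAN_NET = net("203.0.113.0/24")    # constructed: the subnet the WAN interface sits in

@dataclass
class Rule:
    name: str
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network
    gateway: Optional[str] = None   # None = "default": follow the routing table

VPN_RULE = Rule("LAN to VPN", LAN, ANY, "VPN_GW")   # hypothetical gateway name

def egress(rules, src, dst, default_route="WAN_GW"):
    """Gateway picked by the first matching pass rule on the LAN tab.

    Assumes the firewall's default route points at WAN.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:              # evaluated top down, first match wins
        if s in rule.source and d in rule.destination:
            return rule.gateway or default_route
    return "BLOCKED"                # nothing matched: implicit deny

def compare(dst="198.51.100.10"):   # constructed internet destination
    bypass = Rule("server bypass", SERVER, ANY)
    wan_net_only = Rule("server to WAN net", SERVER, WAN_NET)
    return {
        "dest_wan_net": egress([wan_net_only, VPN_RULE], "192.168.1.50", dst),
        "bypass_below": egress([VPN_RULE, bypass], "192.168.1.50", dst),
        "bypass_above": egress([bypass, VPN_RULE], "192.168.1.50", dst),
        "other_host": egress([bypass, VPN_RULE], "192.168.1.20", dst),
    }

if __name__ == "__main__":
    for case, gw in compare().items():
        print(f"{case:13} -> {gw}")
```

Only the `bypass_above` ordering sends the server out the default gateway; a "WAN net" destination or a bypass rule placed below the VPN rule leaves its traffic on the VPN, and every other LAN host stays on the VPN in all cases.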

            A Former User last edited by

            Thanks for the help guys!

            So I created a LAN rule as shown in the screenshot, but it doesn't seem to work. Now, when I want to connect to that server over the internet, I have to use the WAN IP, right?

            The rule has my server as the source ip and the gateway is default.

            I assume I am doing something wrong here but can't figure out what it is.


              Derelict LAYER 8 Netgate last edited by

              You need a port forward to connect to that host inbound.

              https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

                A Former User last edited by

                So that means I have to do that in NAT, right? Am I supposed to be putting this rule on the LAN interface or the WAN interface?

                  Derelict LAYER 8 Netgate last edited by

                  https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

                    A Former User last edited by

                    Yeah I followed that and it doesn't seem to work at all.

                    I set up my NAT and that automatically creates a rule on the WAN side, but I can't connect to my WAN IP with port 8123.



                    ![WAN Rules.PNG](/public/imported_attachments/1/WAN Rules.PNG)

                      Derelict LAYER 8 Netgate last edited by

                      https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

                        A Former User last edited by

                        So I finally solved the issue!

                        I couldn't figure out the NAT and port forward, so I hooked up my server to an extra NIC port on my pfSense, gave that interface its own separate network, and then created the NAT rule for that network, and everything is working fine now!

                        I have my server being routed outside the vpn and the rest of my network on the VPN.

                        Thanks for the help guys!

                          boopathymuthusamy last edited by

                          Hi Team,

                          I have done a dual WAN connection in pfSense using load balancing, but I can't use both networks at a time. Only after WAN1 is down am I able to access the 2nd WAN. Is there any idea to resolve this?
