OpenVPN Client - VPN.ht working good for 1 IP/device but failing over to WAN



  • Hi,

    i'm using a pfsense hardware device (Netgate SG-4860)

    i've successfully setup openvpn client to vpn.ht

    I only wanted 1 ip address to go through the VPN - Done

    problem - if the VPN is down, i do not want it to go through my default wan… but it does.
    I've scoured the forum as best i can..

    I've tried a blocking rule after the firewall rule, tried inverted allows for the rest of the lan etc.. nothing works.

    after lots f trial and error, i've come to the conclusion it has nothing to do with the rules - there must be some option somewhere (to do with the gateway/interface) which is allowing it to failover onto the WAN even though its set specifically to only go through the vpn interface.

    please can someone help

    this is what i've wound up with so far (and not working).

    I also notice, that some of my services carry on sending traffic to the WAN even if i start blocking everything (if they already have connections) -



  • sorry to bump.

    I'll donate 15$ for a fix to this.

    my NAT looks like this :



  • If you want that devices routed trough VPN stop connecting if the VPN connection is down, you should follow this guide:
    https://www.infotechwerx.com/blog/Prevent-Any-Traffic-VPN-Hosts-Egressing-WAN



  • thanks for this.

    it looked like it was all working - but, when disabled the VPN, it also took down my normal lan, not just the host i want to stop being able to access the net if the vpn is down.

    it's like it was marking all packets but it was only set for the one rule (the top one in the first post - below the default).

    I also tried the alternative method at the bottom and added back the block rule..

    any ideas?