Noob Question: 2 subnets 1 router?



  • Hi. I am pretty new to using pfSense or any kind of non-consumer-grade routing hardware. I am going to give some background, which will probably be more info than necessary, before getting to my question.

    I recently purchased this little 4-port mini-computer for use as an OpenVPN gateway to route all my home traffic through PIA. There were some concerns about whether it would have enough horsepower to handle OpenVPN at my ISP's provided bandwidth (100Mbps), but it seems to fare fine in that area.

    https://www.amazon.com/XCY-Fanless-Windows-X33-Ethernet/dp/B01N6MDE01?SubscriptionId=AKIAILSHYYTFIVPWUY6Q&tag=duckduckgo-d-20&linkCode=xm2&camp=2025&creative=165953&creativeASIN=B01N6MDE01

    I followed this recent video, which describes how to configure pfSense for use with PIA and how to configure certain machines with static IPs to not use the VPN.

    Youtube Video

    I also used this tutorial to configure the DNS settings to avoid leaks and turn on hardware acceleration, which my processor supports.

    https://www.danielvdphotography.com/security-guide/configure-pfsense-private-internet-access-vpn-maximum-encryption-settings

    Also, in passing I figured out how to turn off IPv6 across the board and bridge all the additional ports on my mini computer to the LAN.

    I would like to set up multiple subnets (each with their own DHCP pool): one on which outbound traffic goes through the VPN, and one on which traffic goes out the WAN unencrypted. I think the solution here is VLANs, but everything I read seems to indicate that you need managed switches to do that.

    1. Do I have to have a managed switch (whatever that is) for VLANs?
    2. Are VLANs the simplest way to go about what I am looking for?


  • FWIW. The ultimate goal here is to be able to quickly switch devices on my network from VPN to WAN or vice versa.



  • If you want separate subnets then undo your LAN bridge and use one of the interfaces for another subnet. Bridging the LAN ports isn't a great idea anyway, if you need to connect more clients get a switch.



  • Thanks for the response. I can certainly do that, since I have a cheapo switch sitting around. However, I am not seeing how that will get me to the place where I can just change the subnet mask on a given machine and switch on/off vpnz.



  • @gsrunion:

    … just change the subnet mask on a given machine and switch on/off vpnz

    Sorry, that cannot be done in this fashion.

    We don't know what you want to use your VPN for.
    However, you could use policy-based routing to have domain1.com go out your WAN and domain2.com go out through the VPN. Maybe that helps.

    BTW: don't watch videos and recreate what you saw - read and understand docs and be creative yourself!
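To make the two suggestions in this thread concrete (an un-bridged second interface carrying its own subnet, and policy-based routing that pins one subnet to the VPN gateway while the other uses the WAN), here is a small model of how pfSense evaluates interface rules: top down, first match, with an optional gateway override on the matching rule. This is an added illustration written for this thread, not code from pfSense or from any poster. Interface names, subnets, the `PIA_VPN` gateway name and the bypass host addresses are all constructed for the example.

```python
"""Model of pfSense-style policy-based routing across two LAN subnets.

Constructed example: first-match rule evaluation per ingress interface, with a
gateway override on the rule that should send one subnet into the VPN tunnel.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Address, IPv4Network
from typing import Dict, List, Optional

# Hypothetical interface layout once the extra ports are no longer bridged
# (names and addresses are constructed for this example):
#   LAN  -> 192.168.1.0/24, policy-routed into the OpenVPN client gateway
#   OPT1 -> 192.168.2.0/24, left on the system default route (WAN)
SUBNETS: Dict[str, IPv4Network] = {
    "LAN": ip_network("192.168.1.0/24"),
    "OPT1": ip_network("192.168.2.0/24"),
}
VPN_GW = "PIA_VPN"            # hypothetical gateway name for the OpenVPN client
ANY = [ip_network("0.0.0.0/0")]
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16")]
# Constructed alias: static-IP hosts on LAN that should bypass the tunnel.
VPN_BYPASS = [ip_network("192.168.1.50/32"), ip_network("192.168.1.51/32")]


@dataclass
class Rule:
    interface: str                 # interface the rule is bound to (ingress)
    src: List[IPv4Network]
    dst: List[IPv4Network]
    gateway: Optional[str] = None  # None = system default route, i.e. WAN
    action: str = "pass"
    description: str = ""


def _in(nets: List[IPv4Network], addr: IPv4Address) -> bool:
    return any(addr in n for n in nets)


def build_ruleset() -> List[Rule]:
    """Interface rules in the order they would be evaluated (top down, first match)."""
    return [
        # Inter-subnet traffic must match BEFORE the VPN rule; otherwise it is
        # policy-routed into the tunnel and LAN can never reach OPT1.
        Rule("LAN", [SUBNETS["LAN"]], RFC1918, description="LAN to local networks"),
        Rule("LAN", VPN_BYPASS, ANY, description="bypass hosts out WAN"),
        Rule("LAN", [SUBNETS["LAN"]], ANY, gateway=VPN_GW, description="LAN out VPN"),
        Rule("OPT1", [SUBNETS["OPT1"]], ANY, description="OPT1 out WAN"),
    ]


def egress(ruleset: List[Rule], interface: str, src: str, dst: str) -> str:
    """Where a packet arriving on `interface` ends up: a gateway name, 'WAN', 'local' or 'block'."""
    s, d = ip_address(src), ip_address(dst)
    for r in ruleset:
        if r.interface != interface or not _in(r.src, s) or not _in(r.dst, d):
            continue
        if r.action != "pass":
            return "block"
        if r.gateway:
            return r.gateway
        return "local" if _in(RFC1918, d) else "WAN"
    return "block"   # no pass rule matched: default deny on the interface


def _covered(inner: List[IPv4Network], outer: List[IPv4Network]) -> bool:
    return all(any(i.subnet_of(o) for o in outer) for i in inner)


def shadowed_rules(ruleset: List[Rule]) -> List[str]:
    """Descriptions of rules that can never match because an earlier rule on the
    same interface already covers every source and destination they list."""
    out = []
    for i, r in enumerate(ruleset):
        for e in ruleset[:i]:
            if e.interface == r.interface and _covered(r.src, e.src) and _covered(r.dst, e.dst):
                out.append(r.description)
                break
    return out


if __name__ == "__main__":
    rs = build_ruleset()
    for iface, s, d in [("LAN", "192.168.1.10", "8.8.8.8"),
                        ("LAN", "192.168.1.50", "8.8.8.8"),
                        ("LAN", "192.168.1.10", "192.168.2.20"),
                        ("OPT1", "192.168.2.20", "8.8.8.8")]:
        print(f"{iface} {s} -> {d}: {egress(rs, iface, s, d)}")
    print("shadowed:", shadowed_rules(rs))
    bad = [rs[2], rs[0], rs[1], rs[3]]      # VPN catch-all moved to the top
    print("shadowed (misordered):", shadowed_rules(bad))
```

Two things the model makes visible that the thread only hints at. First, the ingress interface is part of the match, so a host that merely changes its own mask or address does not move between the two policies; what decides the path is the port (and therefore the subnet) the traffic arrives on, which is why a second interface, or a VLAN on a managed switch, is needed. Second, rule order matters: a VPN catch-all placed above the bypass rule or above the local-networks rule shadows them completely, and `shadowed_rules` flags exactly that misordering. Separately from ordering, check what happens when the VPN gateway is down: pfSense has a "Skip rules when gateway is down" option under System > Advanced > Miscellaneous, and without it a policy-routed rule whose gateway is down falls back to the default route, so the "VPN" subnet would leave unencrypted via the WAN.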



  • Thanks for pointing me to the docs. I will look that over. I guess I will stick with IP-address-based rules for routing traffic over VPN/WAN.

