Best way to route all traffic thru VPN provider?



  • I suspect this is a straight forward question for the pfSense gurus and was hoping to get advice. I have attached a copy of my rules.

    Is there a way I should configure my pfSense so my DNS queries run thru my VPN provider for select interfaces? Should I change the gateway on my 1st rule(access to port53) so the gateway is VPN? If I did change the gateway for my port 53 rule…do I screw up my DNS resolver functionality?

    Under System->Advanced->Miscellaneous there is a check box for "Skip rules when gateway is down"...I have that box checked. It is my understanding this option forces the VPN traffic in my case thru port 80 and 443. Is this best?

    I took my VPN down yesterday and noticed I was still about to check for upgrades on my pfSense box(SG2440), I believe this communication is done thru my WAN. Should I be directing this thru my VPN provider? If so how do I do this?

    Some notes:

    • I have modified my rule for port 80 and 443 in "advanced" to stipulate traffic goes thru my VPN provider.
    • DNSleak tests OK...no leak
    • I have some devices that do not work over VPN(Netflix, Amazon TV, etc...)
    • I trust my VPN more then my cable(better of 2 evils)
    • I also run pfBlocker

    Any advice would be greatly appreciated...