Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Stop openVPN falling back to the default WAN when OpenVPN is down?

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 4 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Spectrum48k
      last edited by

      Hi Guys

      I've got everything set up on my home pfSense router - It operates like a normal router, but any IP address in a specfic range ie. 192.168.0.100 to 110 gets routed through the OpenVPN interface

      My problem is, when openVPN is down, the devices get routed through the default WAN interface

      If I remember correctly, isn't there a command I can employ on the OpenVPN firewall rule that prevents this?

      pfSense 2.4.1
      Intel Atom E3845 Quad Core 1.9GHz AES-NI
      Intel Gigabit Ethernet x4
      pico-ITX form factor
      16GB mSATA
      2GB DDR3L

      1 Reply Last reply Reply Quote 0
      • H
        heper
        last edited by

        might want to check out the negate rules

        1 Reply Last reply Reply Quote 0
        • S
          Spectrum48k
          last edited by

          thanks

          for some reason i thought it might be a no_wan_egress rule but i couldn't find it in the menus

          pfSense 2.4.1
          Intel Atom E3845 Quad Core 1.9GHz AES-NI
          Intel Gigabit Ethernet x4
          pico-ITX form factor
          16GB mSATA
          2GB DDR3L

          1 Reply Last reply Reply Quote 0
          • V
            Velcro
            last edited by

            Try these 3 settings:

            1. VPN -> OpenVPN(assuming you are using OpenVPN -> "Don't add/remove routes" (Mine is not checked)
            2. Firewall -> NAT -> Outbound (I made sure select WAN rules were deleted…no way out but VPN)
            3. Firewall -> Rules -> "The interface you are channeling the VPN traffic" -> The internet allow traffic rule -> In the rule itself look for the "Advanced Option" button named "Display Advanced" -> "Don't add/remove routes"  drop down-> "Gateway" option -> Select VPN Gateway for your VPN.

            All this assumes you have an interface setup for your VPN...I am doing the same thing and this works for me.

            Open to feedback if I am doing this wrong!

            Thanks,
            Sean

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              https://www.infotechwerx.com/blog/Prevent-Any-Traffic-VPN-Hosts-Egressing-WAN

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.