Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Stop openVPN falling back to the default WAN when OpenVPN is down?

    General pfSense Questions
    4
    5
    767
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Spectrum48k last edited by

      Hi Guys

      I've got everything set up on my home pfSense router - It operates like a normal router, but any IP address in a specfic range ie. 192.168.0.100 to 110 gets routed through the OpenVPN interface

      My problem is, when openVPN is down, the devices get routed through the default WAN interface

      If I remember correctly, isn't there a command I can employ on the OpenVPN firewall rule that prevents this?

      pfSense 2.4.1
      Intel Atom E3845 Quad Core 1.9GHz AES-NI
      Intel Gigabit Ethernet x4
      pico-ITX form factor
      16GB mSATA
      2GB DDR3L

      1 Reply Last reply Reply Quote 0
      • H
        heper last edited by

        might want to check out the negate rules

        1 Reply Last reply Reply Quote 0
        • S
          Spectrum48k last edited by

          thanks

          for some reason i thought it might be a no_wan_egress rule but i couldn't find it in the menus

          pfSense 2.4.1
          Intel Atom E3845 Quad Core 1.9GHz AES-NI
          Intel Gigabit Ethernet x4
          pico-ITX form factor
          16GB mSATA
          2GB DDR3L

          1 Reply Last reply Reply Quote 0
          • V
            Velcro last edited by

            Try these 3 settings:

            1. VPN -> OpenVPN(assuming you are using OpenVPN -> "Don't add/remove routes" (Mine is not checked)
            2. Firewall -> NAT -> Outbound (I made sure select WAN rules were deleted…no way out but VPN)
            3. Firewall -> Rules -> "The interface you are channeling the VPN traffic" -> The internet allow traffic rule -> In the rule itself look for the "Advanced Option" button named "Display Advanced" -> "Don't add/remove routes"  drop down-> "Gateway" option -> Select VPN Gateway for your VPN.

            All this assumes you have an interface setup for your VPN...I am doing the same thing and this works for me.

            Open to feedback if I am doing this wrong!

            Thanks,
            Sean

            1 Reply Last reply Reply Quote 0
            • Derelict
              Derelict LAYER 8 Netgate last edited by

              https://www.infotechwerx.com/blog/Prevent-Any-Traffic-VPN-Hosts-Egressing-WAN

              Chattanooga, Tennessee, USA
              The pfSense Book is free of charge!
              DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post