This seems over complicated.



  • Hi all,

    pfSense 2.3.4 with OpenVPN client connected to my VPN Provider.

    Can someone please let me know if I have done this correctly as it does work but seem over complicated.  I want to prevent any traffic from VPN Hosts from Egressing the WAN and have followed the instructions at:-
    https://www.infotechwerx.com/blog/Prevent-Any-Traffic-VPN-Hosts-Egressing-WAN

    I also want a WAN IP 110.232.140.75 not to go out the VPN but via the WAN instead at all times.

    So I setup a Static Route

    Create the floating rule:-

    Excluded 110.232.140.75 from my LAN to VPN rule:-

    TIA

    Greg


  • Rebel Alliance Global Moderator

    If you have a rule that sends traffic down your vpn connection, and that vpn connection is down and you did not checkmark do not create rule when gateway down in the gateway monitoring section of advanced misc.  Then the rule when gateway is down will be same rule just without gateway set so yeah traffic can route out the normal gateway.

    Another way to do it set it so the rule is not created.  Then if your vpn is down the rest of your rules are evaluated, so if you have a rule below that allows the traffic they could get it out your normal wan.  If you don't have a rule that allows them then they wouldn't

    All comes down to how you want to do it.  Depending on on how many networks you have, how many wan interfaces this way might be simpler to cover all the bases with.. There are multiple threads about this all over the forum.  What you do exactly depends on many factors of how you want to skin the cat, and what sort of cat it is - is it a Bobtail or a Siamese or maybe Chartreux, etc. etc.