  • I use a VPN service and I have created an OPT1 that uses a particular server. This interface is used as the default route since I route all my traffic via the VPN interface except for my TV (Netflix) and my work laptop (multiple VPNs slow down my work). However, if I want to bypass the geo-blocking for certain websites, how would I do that?

    In other words, how do I quickly switch the VPN server to connect to in case the server goes down or I want to access content from a different country? At the same time, I'd rather not have to move all my devices from one interface to the other each time I want to switch the VPN server.

    Would I have to create multiple OPTx interfaces for all the servers that I want to connect to? Or is there a setting that will quickly allow me to connect to a different server?


  • I'll tell you my scenario in hopes you can apply it to your needs.
    I utilize pfBlockerNG's GeoIP Listing capability to create an alias list of a country's IPs.
    I have three VPN connections going, set up as Gateways (each on its own interface), in one Gateway Group.
    Then, a rule on LAN that matches Source to the alias list created by pfBlockerNG, with the gateway (under advanced settings) set to my Gateway Group.

    Any traffic destined for my country goes out the VPN, and I can get around geo-blocking.

  • Would you have some links to the detailed tutorials so that I can follow along?

    I am a novice when it comes to pfSense and networking in general and would really like it if there were a tutorial I could follow instead of messing something up without realizing it.


  • I'm not aware of any specific tutorial for your situation.
    I too was once a novice, but over the last two years active on this forum and reddit.com/r/pfsense, I learned a lot.

    I recommend you start with pfBlockerNG and learn how it works. Learn how to create "Alias Match" GeoIP lists and then create some "match" type firewall rules to test how they work.

    E.g., create a "Europe" geo-list (all countries). Create a firewall rule on LAN, set the destination to your alias list, then visit some Euro website and see if the packet is logged. If it works, then you would just set the VPN gateway as the default for this rule and all traffic would get routed over it.

    This link, https://www.reddit.com/r/PFSENSE/comments/6edsav/how_to_proper_partial_network_vpn_with_kill_switch/, has some pointers up to step 6, where you would have to construct your rule.

  • Thank you bartkowski. I will look into these and see how I can accomplish what I need to do.

