Help please? Home openvpn, 1 pc needs to go through vpn, others wan



  • Hi Guys, I thought I had everything working but for some strange reason, the box stopped being able to resolve DNS for some reason

    I've now got a clean install of pfSense 2.4.1
    All I've done is run through the wizard and it connects to my ISP fine
    1x WAN port, 1xLAN port
    The box offers DHCP to the LAN, 192.168.1.100-199
    I've set up a CA for my openvpn provider
    I've added the OpenVPN client, which connects successfully
    I've added the OPT1 interface, which points to the OpenVPN client

    Can someone explain the steps from here so that only the PC 192.168.1.10, goes through the openvpn?

    Whatever I did in the past, cocked up DNS resolution

    Thanks in advance



  • Presumably you have added a firewall rule for the PC 192.168.1.10, allowing access to any over the VPN gateway.
    And your PC is configured to use pfSense for DNS, which isn't possible over the VPN gateway.

    You either have to allow also DNS and DHCP (if applicable) (or any) access from the PC to pfSense or set the PC to use an external DNS.
    The first way will cause DNS leaks, the second will avoid it.



  • So far I haven't added any additional NAT or FIREWALL rules from the above

    Firewall > NAT > Outbound

    1. switch from auto to manual
    2. Add rule:

    interface: OPT1
    source: 192.168.1.0/24
    description: LAN > OpenVPN

    Firewall > Rules

    1. Add new rule, place it at the top
       • 192.168.1.10 * * * OPT1
    2. Alter existing LAN to ANY rule to specify gateway
       • LAN net * * * WAN


  • @Spectrum48k:

    2. Alter existing LAN to ANY rule to specify gateway

    • LAN net * * * WAN

    This rule will only allow upstream traffic, since you have specified the WAN-GW. It will not allow access to pfSense for DNS or DHCP. Don't know if you need that.
    Otherwise go to the vpn client settings and check "Don't pull routes" to prevent setting the default route to the vpn gateway and withdraw the LAN net to any rule.



  • Firewall > Rules > LAN

    Add the IP of the devices to the list, then under the settings change the gateway to WAN_dhcp.

    This is how I allow Netflix to play on my TV while the rest of the network is under PIA VPN.
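The point raised twice in this thread (a policy-routing rule that sends the PC "to any" via the VPN gateway also pushes its DNS queries to pfSense out the VPN, so resolution breaks) can be checked with a small first-match simulation. This is an added example, not anything from the forum posts or from pfSense itself; it assumes pfSense's LAN address is 192.168.1.1 and uses the made-up gateway names OPT1_VPN and WAN_dhcp (the latter as written in the last reply).

```python
"""Added example: simulate pfSense-style first-match LAN rules with
policy-routing gateways, to see which rule set keeps DNS to pfSense working
for the VPN-bound PC 192.168.1.10 while still routing its other traffic
through the VPN.  Gateway and address values are assumptions, not the
thread's actual configuration."""
from ipaddress import ip_address, ip_network

PFSENSE_LAN_IP = "192.168.1.1"   # assumed LAN address of the pfSense box
LAN_NET = "192.168.1.0/24"

# Rule = (source net, destination net, destination port or None, gateway).
# Gateway "default" means "use the system routing table" (no policy routing).
def first_match(rules, src, dst, dport):
    """Return the gateway of the first rule matching the packet, else None."""
    for src_net, dst_net, port, gw in rules:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and (port is None or port == dport)):
            return gw
    return None

def delivered(gateway, dst):
    """Traffic to pfSense's own LAN address is only delivered locally when no
    gateway is forced; a policy-routed packet is shoved out that gateway
    instead (the DNS/DHCP breakage described in the replies above)."""
    if dst == PFSENSE_LAN_IP:
        return gateway == "default"
    return gateway is not None

BROKEN = [
    ("192.168.1.10/32", "0.0.0.0/0", None, "OPT1_VPN"),   # PC -> any via VPN
    (LAN_NET,           "0.0.0.0/0", None, "WAN_dhcp"),   # rest via WAN
]
FIXED = [
    ("192.168.1.10/32", PFSENSE_LAN_IP + "/32", 53, "default"),  # DNS to pfSense first
    ("192.168.1.10/32", "0.0.0.0/0", None, "OPT1_VPN"),
    (LAN_NET,           "0.0.0.0/0", None, "WAN_dhcp"),
]

def dns_works(rules, host="192.168.1.10"):
    """Can `host` reach the pfSense resolver on UDP/TCP 53 under `rules`?"""
    return delivered(first_match(rules, host, PFSENSE_LAN_IP, 53), PFSENSE_LAN_IP)

def web_gateway(rules, host):
    """Which gateway carries an HTTPS connection from `host` to the internet?"""
    return first_match(rules, host, "203.0.113.5", 443)  # documentation address
```

Note that under FIXED the other LAN hosts still cannot reach the pfSense resolver, exactly as the fourth reply warns about the "LAN net * * * WAN" rule; they need the same kind of pass rule without a gateway, or the "Don't pull routes" approach instead.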

