VPN client setup advice



  • Hi,

    I bought a 4xNIC AES-NI mini PC with pfSense to replace my home router.
    The main reason I want to replace my home router is to set up an OpenVPN client (ExpressVPN). Is it possible to select the IPs which will be using the VPN tunnel? Or is it only possible to exclude the ones not using the VPN tunnel?

    Greetzzz,

    Gerben



  • This can be done by policy routing in pfSense. https://doc.pfsense.org/index.php/What_is_policy_routing

    You have to set up your VPN client with "don't pull routes" checked to avoid getting the default route pushed, and assign an interface to the VPN client instance.
    Then you can select the gateway (VPN or WAN) in the advanced options of the firewall rule which is permitting the upstream traffic.



  • OK... and does "assign an interface" mean assign to a physical Ethernet port?
    I ask this because if so, I have to change the physical location of the pfSense box I had in mind.



  • No, you just have to assign a virtual interface in pfSense, which is needed to route the traffic.

    Ensure that the VPN connection is up.
    Go to Interfaces > Assignments, beside "available network ports" select the OpenVPN instance (e.g. ovpnc1; you will also find here the description you entered on the client's settings tab), hit "Add". Then open the interface config by clicking on the name, check enable, set a meaningful name and save the settings; there is no further configuration to make here.



  • Sorry, I'm not so familiar with virtual interfaces.
    I bought a (still on its way) Qotom box with 4 Ethernet ports and pfSense pre-installed: WAN, LAN, OPT1, OPT2.
    Now I want to bridge OPT1 and OPT2 and LAN because I need those ports physically in my home network.
    Once I have bridged the 3 Ethernet ports, is it still possible to create a virtual interface for the VPN tunnel?

    In this article it looks like OPT1 is physically assigned to a network port: https://www.infotechwerx.com/blog/Creating-OpenVPN-Assigned-Interface



  • Yes, you can assign as many interfaces as you need. pfSense calls the interfaces WAN, LAN, OPT1, OPT2…
    WAN and LAN are irrevocable, but instead of the "OPTx" you can assign an alternative name which fits better to your utilization.



  • OK, thanks for the help. I will first set up my pfSense box with 4 network ports so it acts like a 3-port router. After that I will try to set up the OpenVPN client and assign it to an interface.

    Greetoidzzz



  • @gschmidt:

    Hi,

    I bought a 4xNIC AES-NI mini PC with pfSense to replace my home router.
    The main reason I want to replace my home router is to set up an OpenVPN client (ExpressVPN). Is it possible to select the IPs which will be using the VPN tunnel? Or is it only possible to exclude the ones not using the VPN tunnel?

    Greetzzz,

    Gerben

    ExpressVPN will leak your DNS. You cannot set up pfSense with their DNS servers. I inquired with them. You will have to point to a 3rd-party open DNS server, which will cause you to leak DNS.