Successful ping when VPN client is deactivated

  • Hi,
    I'm still new in this topic and maybe I just don't get it :/

    I successfully created a VPN client and all traffic is routed through the tunnel.
    Whenever I deactivate the client, all devices in the LAN do not have any access to the internet… using the terminal and the "ping" command is unsuccessful... no magic, absolutely clear.

    However, using the ping function from Diagnostics --> Ping leads to a successful response from the respective server even if the client is deactivated.
    This is somehow strange since I would suggest that also traffic from the pfSense machine itself is routed through the tunnel... :o
    Furthermore, the check for update function at the dashboard also works when the VPN client is deactivated.

    So... could someone please tell me whether I configured something wrong?!


  • No ideas?  :(

  • At least you're thinking somewhat wrong.

    Your pfSense creates a connection to the outside, usually your ISP. If you set up a VPN on top of that to reach some destination, it's still something on top of the basic internet connection.
    Think of pfSense as a shoe box with interfaces poking out. With rules you can control what comes into that shoe box. You cannot control what goes out.
    This also means that your pfSense can always ping out any interface (or check for updates). It is the shoe box.

  • Oh, thx for that plausible example. That makes sense ;)
