Connect my pfSense to a 3rd party VPN to route specific traffic across it.

  • Ok, so I have a PF sense router at home and want to use my 3rd party VPN provider so I can watch Netflix in other countries. Now this works on a local PC fine, but I want this to work on my Smart TV.

    So I have this setup .

    Interface 0 - WAN
    Interface 1 - LAN (Static IP)
    Interface 2 - TV (DHCP with reservation), Bridged

    So my question is.

    1. Can I get my pfSense to connect to the external VPN provider using remote gateway? It uses IKEv2.
    2. At a setting change (as I don't want this permanent) can I route the TV through the VPN so the TV only has the VPN IP Address?

    Any tips would be appreciated!

  • Netgate Administrator

    You can't route traffic from the TV if it's bridged to the WAN at layer 2.

    You probably can get pfSense to connect to your provider but if you want to selectively route across it you would be much better off using OpenVPN.

    It may not work anyway as Netflix go to great lengths to detect this sort of thing.


  • LAYER 8 Global Moderator

    I don't think he has it bridged to wan - looks like he has his 2 lan interfaces bridged... Get a freaking switch..

    Not even sure why we allow such posts - blatant request for how to circumvent a companies restrictions.. We might as well start hosting magnet links to movies ;)

  • Netgate Administrator

    Ha. Mmm, I agree this sort of question is at best morally debatable!

    If it's bridged to LAN then, maybe. But OpenVPN would still be better for routing across.


  • So, lets rephrase the request.
    There are a few US sites that refuse to serve European ip's because of gdpr concerns.
    So they use geolocation and they provide the dreadful 451 error.
    Now, if one wants to access those sites, and is obviously taking technical measures to circumvent such blanket restrictions, which gives descent legal excuses for the site ops to allow such access, how is this implemented in pf?

    Remember, we are talking about publicly available web sites...

    Hosting magnet links is something else. :))

  • Netgate Administrator

    There are plenty of legitimate use cases for this sort of thing.

    The easiest way is to configure pfSense as an OpenVPN client. Set it not to pull routes so it doesn't become your default route. Then use policy routing to catch traffic from some internal clients or to some destinations and send that traffic over the VPN.

    It's quite a popular configuration. Sufficiently popular we did a hangout on it:
    Youtube Video

    Couple of years ago now but still applies.


  • LAYER 8 Netgate

    This post is deleted!

  • LAYER 8 Global Moderator

    Your still openly asking to circumvent a company policy - be it you like it or not.. Which is my point - there are plenty of legit reason to use a vpn, etc.. You could of used the typical tinfoil hat response your hiding your "legal" stuff from your ISP...

    Really no different than if you were here asking how to circumvent the DRM protection of some game...

    If a company doesn't want EU users accessing its site, maybe its because of gdpr - still their site and their stuff and their policy.. If they say you have to be in country X to watch abc, then you legally need to be in country X.. Pfsense shouldn't be here to help you circumvent that policy.. My opinion - I don't make the rules I just help.

  • N@stephenw10 I wrote a guide to making a whole home VPN it allows you to route everything or specific things through your VPN provider I will tell you cyberghost VPN has the guide I but 1/2 of the time Hulu or others detect it so thier service denies u access until you turn off VPN so the right VPN provider may make all the difference in the world I will look for my guide and I would be happy to help if I can I'm a beginner I have that guide if you want it

  • @johnpoz well I for one don't like companies that compromise network security would you build a white picket fence to guard your million dollars worth of Jewelery

  • Well, then we just remove the reason and focus on the task. If we call it service A, and site B then all is well. Using real world scenarios makes conveying information more palatable. Pfsense per se isn't circumventing anything. Its the user config that does.
    I agree, that morally its not right to guide anyone on how to brake the rules too.

  • LAYER 8 Global Moderator

    @telescopedepth said in Connect my pfSense to a 3rd party VPN to watch Netflix from that country:

    white picket fence to guard your million dollars worth of Jewelery

    ? Huh??? WTF does have to do with circumvention of a geo restriction policy? And lets be clear here use of vpn in this sense is not freaking security of anything.. Your hiding what your doing from the company you pay for access to the freaking internet... And handing off everything to some other company that for some reason you trust more..

    This sort of use of vpn has zero to do with security..

  • IF YOU THINK YOU CAN HIDE ANYTHING YOU MUST BE A GRAND MASTER OF TECHNOLOGY ALL TECH IS BUILT TO TRACK YOU I LIKE THE AD- BLOCKER IT BLOCKS ALOT OF ADS FROM FREE TV SITES BUT I THINK ITS NECCESSARY FOR ALL PEOPLE TO ENCRYPT THIER TRAFFIC BECAUSE IF YOU MAKE THEM WORK FOR THE INFO THEY DESERVE IT THEY EARN IT TAKING IT FOR FREE IS B.S AND WITH ALL The Tracking A Smart person or entinty can blackmail judges or whoever they would essientially turn America into Mexico but whatever I wouldn't care if my traffic made a complete circle back to my network as long as the adblocking force https and all other features still worked and I agree you are giving some other company access easedropp on you but internet company's like electric company's are a form of police except you have no rights like you do with the real police so you smart to do this if you think some idiot my hack into your network and violate the terms of service which they make you personally liable for I'm sorry for my limited mental capacity to stay on topic

  • Netgate Administrator

    Locking this topic, it's going nowhere.

    Please open a thread in general-discussion if you wish discuss privacy issues in general. Thanks.


Log in to reply