NordVPN Client only for specific hosts
-
So I only have to pull down the NordVPN rule for that... if I'm understanding correctly.
-
@luckyzor You mean you have an existing LAN-to-DMZ allow rule but it's currently below your NordVPN rule? If so, then yes, simply re-ordering them may be all you need. If that doesn't work, post a screenshot of your LAN firewall rules.
-
I have this for now
-
@luckyzor Okay so add a new rule at the top that looks like the "Default allow LAN to any rule" but instead of the Destination being set to any (*), set it to "DMZ Address", or more likely "OPT1 Address", whatever corresponds to your DMZ interface. I'd probably also move it below the Anti-Lockout Rule, but that's just for aesthetics; since they'll have mutually exclusive destinations they can't both match the same traffic anyway.
-
@thenarc said in NordVPN Client only for specific hosts:
So you set the Gateway setting to Default, but that doesn't mean it uses the default gateway.
Huh? You leave the gateway at default - i.e. you don't touch it and then it uses routing.. Maybe it's just me doing this stuff for 30+ years and using pfSense for 10 some years. But it's pretty freaking clear..
Here is what I will say - pretty much every guide I have seen out there for all these BS VPN services is either just WRONG or not how you should be doing it... I have yet to see one that was good or actually went into the detail that should be set up. But then again they are catering to the people that would use them in the first place.. So they have to want to go over the most basic info - click this and you will use us sort of setups.
What I would suggest is to understand how it works before attempting to route traffic out a VPN vs just clicking buttons on some "guide" you found from 3 versions back, etc.
-
This guy knows what he is talking about :
https://www.infotechwerx.com/blog/Creating-pfSense-Connection-VPNBook
But even he hasn't found the time to update it to a current pfSense version. Still relevant though.
-
@johnpoz All I mean is that from this:
It's not intuitively obvious to me whether "Default" means "use the default gateway." But your point about not needing to touch that setting at all is of course dead on.
I enjoy contributing what I can to the forums, and I do my best not to misrepresent my level of knowledge or confidence. I never mind being corrected, and am willing to admit when I'm wrong. I've received and appreciated valuable assistance from you in the past, and I believe I have always deferred to your expertise. But sometimes the tone of responses is discouraging. If there's a concern that forum members below a certain level of expertise are routinely providing dangerous or misleading information, I can respect that. I can even accept if that's an opinion held of me, in which case I'll gladly stop attempting to provide answers and use the forums only when I have questions of my own. But a gentle correction suffices. I admittedly know less than you and many others on the forum, and enjoy learning more, but enthusiasm wanes when I'm made to feel stupid for trying to help others. That said, I may be more sensitive than others in that respect. And I pledge to try to better qualify any advice I give in the future with my relative level of confidence in its accuracy, or to not comment at all if my confidence is not relatively high. I promise that I don't want to give people bad advice just as much as you don't want me to give people bad advice.
-
It says it right there: use the system routing table.
-
@derelict Yeah so basically, if you select anything other than "Default" in that drop-down, you're overriding the system routing table and saying "use only this one specific gateway (or gateway group) that I specify" (i.e. policy routing), right? And when you select a default gateway (in System > Routing), you're selecting the gateway used for the default route in the system routing table. Just trying to get my terminology straight.
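
The rule-ordering advice earlier in the thread and the "Default" versus specific gateway distinction discussed above, as an added example that is not part of any post and is not pfSense code: a simplified Python model of first-match rule evaluation with policy routing. The addresses and the gateway names NORDVPN_GW and WAN_GW are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for illustration only.
LAN = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
VPN_HOSTS = ipaddress.ip_network("192.168.1.100/32")  # host sent out the VPN

@dataclass
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    gateway: str = "default"  # "default" = use the system routing table

# Simplified system routing table: connected DMZ network plus default route.
ROUTES = [(DMZ, "DMZ interface"), (ANY, "WAN_GW")]

def egress(rules, src, dst):
    """Return (name of matching rule, where the packet is sent)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:  # rules are evaluated top-down, first match wins
        if src in rule.src and dst in rule.dst:
            if rule.gateway != "default":
                # Policy routing: the routing table is not consulted.
                return rule.name, rule.gateway
            # Longest-prefix match in the system routing table.
            _, hop = max((r for r in ROUTES if dst in r[0]),
                         key=lambda r: r[0].prefixlen)
            return rule.name, hop
    return None, "blocked"  # nothing matched: implicit deny

vpn_rule = Rule("NordVPN hosts", VPN_HOSTS, ANY, gateway="NORDVPN_GW")
dmz_rule = Rule("LAN to DMZ", LAN, DMZ)
lan_any = Rule("Default allow LAN to any", LAN, ANY)

BROKEN = [vpn_rule, dmz_rule, lan_any]  # VPN rule above the DMZ rule
FIXED = [dmz_rule, vpn_rule, lan_any]   # DMZ rule moved to the top

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("fixed", FIXED)):
        for dst in ("192.168.2.10", "203.0.113.10"):
            print(label, dst, egress(rules, "192.168.1.100", dst))
```

In the broken order the VPN host's DMZ traffic is handed to the VPN gateway; with the DMZ rule on top it follows the routing table to the DMZ interface while its internet traffic still leaves via the VPN.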
-
https://www.netgate.com/docs/pfsense/book/