Small routing problem for package manager

  • I have the following setup.

    • WAN + VPN
    • Routing / Gateway Group = VPN (WAN is excluded)
    • DNS Server - localhost is included
    • All WAN firewall rules have VPN Gateway specified
    • Work laptop has a VPN exception, to go directly out WAN (using its own VPN)
    • China Geo IPs excluded to go direct via WAN
    • NTP / DNS redirected to pfsense

    Works successfully as desired;

    • VPN down, only work laptop CAN connect via its own VPN as well as use ICMP for diags.
      Browsing does not work until work VPN is established via WAN
    • VPN down, no other clients can work.
    • VPN up, all browsing, mail, etc goes via VPN (except work laptop, goes via WAN and work VPN)

    So far so good, but now the problem.

    • VPN down, pfsense package can't find available packages
    • VPN up, pfsense packages can find available packages

    Clearly it is using the default route (which is down when it is the VPN), but this is required to lock the network down when the VPN is down.

    How can I change the route for the pfsense box to use the WAN instead of the VPN?


  • Add a static route for the package hostname directing packets to the WAN gateway.

    To do so, first add an alias of type hosts and add "" to it. Then add a static route and enter the name of that alias at "Destination network", select the WAN gateway from the drop-down.

  • That did the job... thanks
