pfSense using VPN gateway instead of WAN

  • I was trying to resolve an issue where certain Google devices would show no internet since they hardcode their own DNS into the device. So I set up a transparent DNS proxy to redirect any port 53 request to go through my DNS filter. Couldn't figure out why I kept getting a blocked (DNS provider block IP address) then found out that pfSense was going through my VPN instead (any IP address not registered to DNS filter provider will go to block page). When I turn off the VPN it goes through my WAN. Is there a route or setting I need to check to make pfSense only go through WAN and not my VPN?

    WAN is set up as default gateway
    VPN is Private Internet Access with interface and gateway to force client to go through VPN w/no egress floating rule.

  • What is your outgoing NAT rule for your VPN? Is it restrictive enough that this traffic should be rejected and go out your default?

  • It is outgoing for the whole subnet. I tried changing the order to before and after the WAN, and even disabling it altogether, with no luck. Disabling that outbound NAT rule, that subnet isn't able to go out the VPN. But pfSense still goes out the VPN for some reason. Even after resetting states and restarting.

  • @its_maek Just a shot in the dark here, but I had similar issues that were possibly related... Have you ever used service watchdog? If so, check if there are any watchdogs running for VPNs that no longer exist.
