All traffic behind pfsense is being routed through VPN. How can a client opt out?
-
Hi there. I am very new to pfsense and not so great with the whole networking stuff, but I love to learn and experiment. I got myself one in a 1037u board.
My setup is like this:
ISP - ADSL modem - wan port pfsense - lan port pfsense with dhcp and openvpn client - dumb switch - APs and home network clients.
I have a couple of scenarios when a client should have an option to opt out of vpn routing (gaming PCs and occasional wireless clients). On my current setup (VM ubuntu router with dhcp and vpn client on NAS) it's easily done by getting a static IP on the network and using the ADSL modem directly as gateway. With pfsense, however, I can't do that cos the ADSL modem and wan interface are on one network and the LAN interface and all the clients are on the other. How can I give a client an option to skip VPN?
-
@valk Add a pass rule on LAN, src=client IP, dest=any, gateway=VPN. Place it above your rule that passes all traffic to your VPN gateway.
-
@kom think you meant wan for gateway vs vpn ;)
I'm personally not a fan of vpn services wanting to route all traffic to them.. You can just not pull routes from the vpn connection. And now anything you want to go out the vpn you would policy route, vs having to policy route for stuff you don't want to use the vpn.
-
^^ Agreed. I personally route specific clients down the VPN instead of routing your entire network down the tunnel and selectively picking clients to bypass policy routing.
-
@kom I was looking for a less permanent solution... I literally need an option for a client to "toggle" vpn on/off. In my country you don't want ur ISP to get any info on ur traffic except gaming and rare other occasions. So I want to be able to do it from the client side. If it is possible.
-
@valk said in All traffic behind pfsense is being routed through VPN. How can a client opt out?:
So I want to be able to do it from the client side
Then run your vpn on your client..
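-
Added example, not part of any post in this thread and not pfSense code: a simplified Python model of the top-down, first-match evaluation pfSense applies to LAN rules, showing why the bypass rule has to sit above the catch-all VPN rule and how the inverse "opt in to the VPN" design differs. The addresses and the gateway names `WAN_GW` and `VPN_GW` are constructed assumptions.

```python
"""First-match policy routing on a pfSense-style LAN rule list (simplified)."""
from ipaddress import ip_address, ip_network

# Constructed sample values: addresses and gateway names are assumptions.
GAMING_PC = "192.168.1.50"
OTHER_CLIENT = "192.168.1.77"
LAN_NET = "192.168.1.0/24"


def pick_gateway(rules, src_ip):
    """Return the gateway of the first rule whose source matches src_ip.

    Rules are checked top to bottom and the first match wins. No match
    means the packet is dropped (default deny), returned here as None.
    """
    addr = ip_address(src_ip)
    for source, gateway in rules:
        if addr in ip_network(source):
            return gateway
    return None


# Design A: everything goes to the VPN, one client is exempted.
# The exemption must sit above the catch-all rule.
bypass_above = [
    (GAMING_PC + "/32", "WAN_GW"),
    (LAN_NET, "VPN_GW"),
]

# Same two rules in the wrong order: the catch-all matches first,
# so the exemption is never reached.
bypass_below = [
    (LAN_NET, "VPN_GW"),
    (GAMING_PC + "/32", "WAN_GW"),
]

# Design B (the inverse suggested in the thread): the default stays on
# WAN and only listed clients are policy-routed to the VPN.
vpn_opt_in = [
    (OTHER_CLIENT + "/32", "VPN_GW"),
    (LAN_NET, "WAN_GW"),
]

if __name__ == "__main__":
    designs = (("A", bypass_above), ("A misordered", bypass_below), ("B", vpn_opt_in))
    for name, rules in designs:
        print(name, [pick_gateway(rules, ip) for ip in (GAMING_PC, OTHER_CLIENT)])
```

In design A a client that is not listed still goes through the VPN, while in design B an unlisted client leaves via WAN, so the choice of catch-all rule decides what the ISP sees by default.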