Netgate Discussion Forum

    Ip "free outbound" from NordVPN

    OpenVPN
    12 Posts 2 Posters 1.3k Views
    • dominusdj

      Hi everyone, I followed the instructions from the NordVPN site to set up the VPN directly on the firewall to "protect" all traffic on my home network.

      For info on the procedure I followed:
      https://support.nordvpn.com/Connectivity/Router/1089079142/pfSense-2-4-4-setup-with-NordVPN.htm

      But now I find that the SKY decoder no longer allows the download of films (I could not understand why)

      At this point I would like to create a rule to let the SKY decoder go out directly, without going through NordVPN.

      Is anyone kind enough to help me with the rule to create on pfSense?

      Thank you all!

      • viragomann @dominusdj

        @dominusdj said in Ip "free outbound" from NordVPN:

        But now I find that the SKY decoder no longer allows the download of films (I could not understand why)

        Presumably they don't like NordVPN, like most other VPN providers.

        You need to add a policy routing rule to direct the upstream traffic from the box out to the WAN.
        Since I guess it needs to access different IPs, the best way is to add an alias of type IP/network (Firewall > Aliases > IP), add all RFC 1918 networks to it, and call it RFC1918.

        Then add a pass rule to the top of the interface which is facing the box:
        protocol: TCP/UDP (presumably)
        source: single host or alias > IP of the box
        destination: single host or alias > RFC1918
        Expand the advanced options, go down to Gateway and select the WAN gateway from the drop-down
        Save the rule.

        It should work after that.

        • dominusdj @viragomann

          @viragomann thanks a lot for the fast reply!!!

          I added a new alias called RFC1918 but

          [image]

          I can't understand which is the second menu I have to open to add the pass rule, probably in Rules?

          [image]

          Do I need to add a new DNS to not use NordVPN's to match the WAN?

          [image]

          Thanks a lot and sorry for my inexperience

          • viragomann @dominusdj

            Yes, a filter rule like that.

            @dominusdj said in Ip "free outbound" from NordVPN:

            Do I need to add a new DNS to not use NordVPN's to match the WAN?

            That might be an issue. It could end in DNS leaking, when DNS requests are going out to the VPN.

            If you have no need to filter the DNS of the box, the easiest way is to use a public DNS on that device.
            The filter rule would direct it out to WAN, but you have to change the protocol to TCP/UDP.

            • dominusdj @viragomann

              @viragomann there is something wrong.
              It doesn't work

              [image]

              For DNS, OK, I have manually added Google DNS on the SKY decoder.

              It is really strange because I see the previews of the movie covers on the SKY decoder, and only the download does not work

              • viragomann @dominusdj

                @dominusdj
                At destination you have to enter the alias name!

                • dominusdj @viragomann

                  @viragomann this is the alias:

                  [image]

                  and this is the rule setting

                  [image]

                  • viragomann @dominusdj

                    @dominusdj
                    The RFC1918 (private networks) alias should look like this:

                    [image]

                    But something that I had forgotten: You have to check the invert box at destination!

                    This means the rule is applied to any destination which is not contained in the stated alias. I.e. all public IPs (not private).

                    • dominusdj

                      I'm so sorry but it does not work

                      [image]

                      [image]

                      • viragomann @dominusdj

                        @dominusdj
                        Possibly there is still a connection over the VPN open.
                        You can try to kill the states (Diagnostics > States).

                        It should work. Is the rule still on the top of the rule set? Are there any rules on the floating tab?

                        • viragomann @dominusdj

                          @dominusdj
                          Dude, you have to add the rule to the internal interface!!!

                          @viragomann said in Ip "free outbound" from NordVPN:

                          Then add a pass rule to the top of the interface which is facing the box:

                          • dominusdj @viragomann

                            @viragomann said in Ip "free outbound" from NordVPN:

                            Dude, you have to add the rule to the internal interface!!!

                            Thank you very much, it had escaped me, now everything works perfectly.
                            You were too kind!

                            Thanks again
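
The three rule variants tried in this thread, as an added example that is not part of the original posts: a simplified Python model of per-interface, first-match rule evaluation showing why the bypass rule only takes effect once it sits on the internal interface with the destination inverted. The host addresses, the `NORDVPN` gateway name, the catch-all VPN rule and the use of the WAN tab as the wrong interface are constructed assumptions; floating rules and existing states are not modelled.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 private ranges, i.e. the contents of the "RFC1918" alias from the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Rule:
    interface: str    # tab the rule lives on; compared with the ingress interface
    source: str       # "any" or a single host IP
    dest_alias: list  # networks in the destination alias; empty list means "any"
    invert: bool      # the "invert match" box on the destination
    gateway: str      # gateway chosen under the advanced options

    def matches(self, ingress, src, dst):
        if ingress != self.interface:
            return False
        if self.source != "any" and \
                ipaddress.ip_address(src) != ipaddress.ip_address(self.source):
            return False
        if not self.dest_alias:
            return True
        in_alias = any(ipaddress.ip_address(dst) in net for net in self.dest_alias)
        return in_alias != self.invert  # invert flips the alias match

def egress_gateway(rules, ingress, src, dst):
    """The first rule matching on the ingress interface decides the gateway."""
    for rule in rules:
        if rule.matches(ingress, src, dst):
            return rule.gateway
    return None  # no pass rule matched

# Constructed sample values (assumptions, not taken from the thread).
BOX = "192.168.1.50"          # the decoder
OTHER_HOST = "192.168.1.77"   # any other LAN client
PUBLIC = "203.0.113.10"       # public destination (TEST-NET-3)
OTHER_PRIVATE = "10.0.5.20"   # destination inside the RFC1918 alias
# Stand-in for the existing LAN rule that sends everything through the VPN.
VPN_DEFAULT = Rule("LAN", "any", [], False, "NORDVPN")

def ruleset(bypass):
    return [bypass, VPN_DEFAULT]  # bypass rule on top, as the thread instructs

not_inverted = ruleset(Rule("LAN", BOX, RFC1918, False, "WAN"))    # first attempt
wrong_interface = ruleset(Rule("WAN", BOX, RFC1918, True, "WAN"))  # wrong tab
working = ruleset(Rule("LAN", BOX, RFC1918, True, "WAN"))          # final rule
```
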