NordVPN and Pfsense with LAN and OPT1 Routing, can't access IoT device with VPN enabled
-
Hello
I have LAN set up with 10.10.0.1 DHCP configured, OPT1 with 192.168.99.1 DHCP configured. Everything worked great and I could ping everything on both LAN and OPT1 and I could reach any IoT sites or web interface from my main Windows computer.
I then configured NordVPN and everything went well with the setup except for Netflix and a couple of streaming services. So I created VPN Gateway groups and a couple of rules on the LAN firewall to fix this issue.
Now the problem is when NordVPN is disabled everything works perfectly, but as soon as I enable it I lose the ability to go to any IoT device's web page on the 192.168.99.1 network.
Before, I could go to any of the 192.168.99.1 network addresses and configure whatever I needed. When I ping from my Windows computer I get this:
10.8.2.1 is the NordVPN Gateway
Am I missing something?
Do I have to create another NAT Outbound rule for the 192.168.99.0 network?
Thanks
-
@ace-1 Show the rules.
-
@ace-1 Create an RFC1918 Alias for your LAN, it can't work if the nord-gateway (or any other gateway) is first for destination any.
Or just make a rule LAN to OPT without a gateway on top of LAN. -
Like this?
-
That works for my IoT devices now but I lose my VPN for 10.10.0.9.
Created the second rule you said and it worked, VPN up on 10.10.0.9 plus I can get the IoT device webpage.
Your a genius !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -
-
@ace-1 said in NordVPN and Pfsense with LAN and OPT1 Routing, can't access IoT device with VPN enabled:
Your a genius !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Or you have to learn some more of the basics.
-
You're probably right about that, I still can't get my head around the firewall rules. I am looking in the logs to see what is happening but it seems the basic stuff controls everything... well, I will continue to keep reading.
Thanks again for the help -
@ace-1 It is easy.
For instance, your rule there has a destination of any (everything) and it has a gateway set, which means, everything has to go through that gateway out to the internet, so no chance for you to connect to IoT anymore.
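The rule-order behaviour discussed in this thread, as an added example that is not part of any post above: a small Python model of top-down, first-match rule evaluation on the LAN interface, where a rule with a gateway set policy-routes the packet regardless of the routing table. The /24 masks, rule names, the gateway name `NORDVPN_GW` and the destination addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed addressing: the thread gives 10.10.0.1 (LAN) and 192.168.99.1 (OPT1);
# the /24 masks and the rule names below are assumptions for illustration.
LAN_NET = ipaddress.ip_network("10.10.0.0/24")
OPT1_NET = ipaddress.ip_network("192.168.99.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
VPN_GW = "NORDVPN_GW"  # hypothetical name for the 10.8.2.1 gateway


@dataclass
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    gateway: Optional[str] = None  # None = follow the firewall's routing table


def evaluate(rules, src, dst):
    """Return (rule name, egress) for the first rule matching src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:  # top-down, first match wins
        if s in rule.src and d in rule.dst:
            if rule.gateway:  # policy routing overrides the routing table
                return rule.name, rule.gateway
            if d in OPT1_NET:
                return rule.name, "OPT1 (directly connected)"
            return rule.name, "default route"
    return "default deny", None


to_opt1 = Rule("LAN to OPT1", LAN_NET, OPT1_NET)       # no gateway set
via_vpn = Rule("LAN any via VPN", LAN_NET, ANY, VPN_GW)

before = [via_vpn]                # destination any + gateway catches OPT1 too
after = [to_opt1, via_vpn]        # gateway-less rule on top of the LAN rules
wrong_order = [via_vpn, to_opt1]  # same rules, but the fix is never reached

if __name__ == "__main__":
    for label, rules in (("before", before), ("after", after),
                         ("wrong_order", wrong_order)):
        for dst in ("192.168.99.50", "1.1.1.1"):  # constructed destinations
            print(label, dst, evaluate(rules, "10.10.0.9", dst))
```

With the `after` ordering, traffic from 10.10.0.9 to the IoT subnet leaves via OPT1 while everything else still goes to the VPN gateway; `wrong_order` shows why the gateway-less rule has to sit above the policy-routing rule.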