Configure VPN on only LAN interface?
-
I'm very green at this stuff, so please bear with me as I ask questions.
I have an SG-1100 and use the OPT port for work; everything else goes through the LAN interface.
I would like to route all of my own traffic (LAN interface only) through a VPN. My work PC on the OPT interface has its own company VPN.
First, is this possible? (I assume so, given how flexible and robust pfSense is.)
Is there a tutorial I can read to help me configure this? I'm willing to invest the time to do the research and don't expect others to do the lifting for me. I just need to know where to start.
Thank you.
-
@nguser6947
Yes, that's doable with pfSense for sure. pfSense provides multiple ways to route traffic to specific gateways:
- default route
- static route
- policy routing (can be configured in firewall rules)
In your case, as I got it, you want to route any traffic over the VPN except that one from devices connected to the specific OPT interface.
So you can use the default route and point it to the VPN server, which might be already done, I guess. (Normally the VPN provider pushes the default route to the client.) For the OPT interface use policy routing to bypass the VPN and direct traffic to the WAN gateway.
Read the Policy Routing Configuration chapter in the pfSense book for details. Also obey the Bypassing Policy Routing section with the RFC1918 alias if you need to access local destinations from the OPT interface as well, e.g. DNS access to the pfSense Resolver.
Remember that a policy routing rule directs any traffic it's matching to the stated gateway. I.e. if the rule matches you cannot reach local destinations. Therefore you have to add an additional rule for local destinations.
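
The rule-ordering point in the reply above, modelled as an added example that is not part of the original post and is not pfSense code: a small first-match evaluator for the OPT interface rules. The gateway name `WAN_GW`, the address `192.168.2.1` for the firewall's OPT side, and the rule layout are assumptions made for the illustration.

```python
import ipaddress

# RFC1918 alias contents, as used by the bypass rule the reply refers to.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_any(addr, nets):
    """True if addr falls inside any of the given networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)

def evaluate(rules, dst):
    """Top-down, first matching pass rule wins (simplified model).
    Returns the gateway the rule forces, 'routing table' when the rule
    sets no gateway, or 'blocked' when no rule matches (default deny)."""
    for rule in rules:
        if rule["dst"] == "any" or in_any(dst, rule["dst"]):
            return rule["gateway"] or "routing table"
    return "blocked"

# Constructed OPT rule sets; WAN_GW is a hypothetical gateway name.
policy_only = [
    {"dst": "any", "gateway": "WAN_GW"},   # policy routing: bypass the VPN
]
with_bypass = [
    {"dst": RFC1918, "gateway": None},     # local destinations: no gateway set
    {"dst": "any", "gateway": "WAN_GW"},   # everything else: straight to WAN
]

def compare(dst):
    """Routing decision without and with the RFC1918 bypass rule."""
    return evaluate(policy_only, dst), evaluate(with_bypass, dst)

if __name__ == "__main__":
    # 192.168.2.1 stands in for the firewall's OPT address (DNS Resolver);
    # 203.0.113.10 is a documentation address standing in for an internet host.
    for dst in ("192.168.2.1", "203.0.113.10"):
        before, after = compare(dst)
        print(f"{dst:>14}  policy only -> {before:<8} with bypass -> {after}")
```

With only the policy rule, the DNS query to the firewall is pushed to the WAN gateway; with the bypass rule placed above it, the same query follows the normal routing table while internet traffic is unchanged.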