Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Configure VPN on only LAN interface?

    Scheduled Pinned Locked Moved General pfSense Questions
    2 Posts 2 Posters 376 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      NGUSER6947
      last edited by

      I'm very green at this stuff, so please bear with me as I ask questions.

      I have an SG-1100 and use the OPT port for work; everything else goes through the LAN interface.

      I would like to route all of my own traffic (LAN interface only) through a VPN. My work PC on the OPT interface has its own company VPN.

      First, is this possible (I assume so, given how flexible and robust pfsense is).

      Is there a tutorial I can read to help me configure this? I'm willing to invest the time to do the research and don't expect others to do the lifting for me. I just need to know where to start.

      Thank you.

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @NGUSER6947
        last edited by

        @nguser6947
        Yes, that's doable with pfSense for sure.

        pfSense provise multiple ways to route traffic to specific gateways:

        • default route
        • static route
        • policy routing (can be configured in firewall rules)

        In your case, as I got it, you want to route any traffic over the VPN except that one from devices connected to the specific OPT interface.
        So you can use the default route and point it to the VPN server, which might be already done, I guess. (Normally the VPN provider pushes the default route to the client.)

        For the OPT interface use policy routing to bypass the VPN and direct traffic to the WAN gateway.
        Read the Policy Routing Configuration chapter in the pfSense book for details.

        Also obey the Bypassing Policy Routing section with the RFC1918 alias if you need to access local destinations from the OPT interface as well, e.g. DNS access to the pfSense Resolver.
        Remember that a policy routing rule directs any traffic it's matching to to the stated gateway. I.e. if the rule matches you cannot reach local destinations. Therefore you have to an additional rule for local destinations.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.