Netgate Discussion Forum

    opt1 direct to wan

    General pfSense Questions
    9 Posts 2 Posters 606 Views
    • elmo1943

      I use pfSense Plus for pfBlockerNG as much as for a better firewall. I have ExpressVPN on a WRT3200ACM router with ExpressVPN firmware (Phoenix) that is much faster (speedtest.com) on OPT1 than service provider over LAN (PPPoE WAN). I am in Japan so a VPN is a must. I could not get the OBi200 to work on ExpressVPN so it is on OPT2 with an RT-AX86U with ASUS firmware and Surfshark VPN (Las Vegas). I tried to block source RFC 1918 destination !LAN, but I still get local IP connections sometimes (few). Can I still use wifi to router and still have pfBlockerNG with not allowing LAN to get out to internet? I can live with this but I really would like to fix if possible. Thank you.

      • stephenw10, Netgate Administrator

        If clients are connecting directly to the wifi routers and traffic goes out over VPN then pfBlocker would not see that client traffic. It would only ever see the VPN traffic which it must always pass. So it could not filter client traffic.

        Perhaps I've misunderstood the situation? A diagram may help a lot here.

        Steve

        • elmo1943 @stephenw10

          @stephenw10 Thanks,
          Yes, I hope all will use wifi on the VPN router to access the internet. Can I install pfBlockerNG on OPT1 as well as on pfSense Plus? My computer skills are not up to a drawing, just up to having pfSense Plus over a regular router.

          • stephenw10, Netgate Administrator

            pfBlocker-ng is installed in pfSense and can operate on all interfaces. It can be installed on CE and Plus.

            It can only filter traffic that isn't in the VPN when it passes pfSense though.

            I'm not sure what order you have these devices connected in?

            • elmo1943 @stephenw10

              @stephenw10 Thank you,
              The VPN routers are on opt1 and opt2. opt1 has ExpressVPN firmware, opt2 has Surfshark VPN and is ASUS firmware. Prior to pfSense and pfBlockerNG I was getting 100-150 bad emails, now down to 5-20. Surfshark uses OpenVPN and ExpressVPN has its own system. My VPN internet access to Phoenix or Las Vegas is twice as fast as with local IP according to speedtest.com.

              • stephenw10, Netgate Administrator

                I'm still unclear how your traffic is being routed here.

                Does traffic from your client go first to the pfSense LAN and then to the VPN routers?

                Or directly to the VPN routers using wifi?

                • elmo1943 @stephenw10

                  @stephenw10 Very small system. All internet access is wifi to the VPN router connected to opt1 (or opt2) on pfSense Plus, which has a PPPoE connection to the local fiber modem to the local provider. Tried VPN on pfSense 2.5 but it was very, very slow (may not have installed correctly). VPN connected to opt1 is as fast as a direct connection to the fiber modem; I get a lot of bad emails if the router is direct to the modem. LAN is 192.168.20.1, opt1 is 192.168.30.1, opt2 is 192.168.40.1, DHCP on both routers enabled.

                  • stephenw10, Netgate Administrator

                    Ok, then the traffic from the client is encrypted in the VPN router and pfBlocker cannot filter it.

                    Only traffic that bypasses the VPN will go through the pfBlocker filtering.

                    • elmo1943 @stephenw10

                      @stephenw10 Thank you, I can live with what it is. elmo

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.