opt1 direct to wan
-
I use pfSense Plus for pfBlockerNG as much as for a better firewall. I have ExpressVPN on a WRT3200ACM router with ExpressVPN firmware (Phoenix) that is much faster (speedtest.com) on OPT1 than the service provider over LAN (PPPoE WAN). I am in Japan so a VPN is a must. I could not get the OBi200 to work on ExpressVPN so it is on OPT2 with an RT-AX86U with ASUS firmware and Surfshark VPN (Las Vegas). I tried to block source RFC1918 destination !LAN, but I still get local IP connections sometimes (few). Can I still use wifi to router and still have pfBlockerNG with not allowing LAN to get out to internet? I can live with this but I really would like to fix it if possible. Thank you.
-
If clients are connecting directly to the wifi routers and traffic goes out over VPN then pfBlocker would not see that client traffic. It would only ever see the VPN traffic which it must always pass. So it could not filter client traffic.
Perhaps I've misunderstood the situation? A diagram may help a lot here.
Steve
-
@stephenw10 Thanks,
Yes, I hope all will use wifi on the VPN router to access the internet. Can I install pfBlockerNG on OPT1 as well as on pfSense Plus? My computer skills are not up to a drawing, just up to having pfSense Plus over a regular router.
-
pfBlocker-ng is installed in pfSense and can operate on all interfaces. It can be installed on CE and Plus.
It can only filter traffic that isn't in the VPN when it passes pfSense though.
I'm not sure what order you have these devices connected in?
-
@stephenw10 Thank you,
The VPN routers are on OPT1 and OPT2. OPT1 has ExpressVPN firmware, OPT2 has Surfshark VPN and is ASUS firmware. Prior to pfSense and pfBlockerNG I was getting 100-150 bad emails, now down to 5-20. Surfshark uses OpenVPN and ExpressVPN has its own system. My VPN internet access to Phoenix or Las Vegas is twice as fast as with local IP according to speedtest.com.
-
I'm still unclear how your traffic is being routed here.
Does traffic from your client go first to the pfSense LAN and then to the VPN routers?
Or directly to the VPN routers using wifi?
-
@stephenw10 Very small system. All internet access is wifi to a VPN router connected to OPT1 (or OPT2) on pfSense Plus, which has a PPPoE connection to the local fiber modem to the local provider. Tried VPN on pfSense 2.5 but it was very very slow (may not have installed correctly). VPN connected to OPT1 is as fast as a direct connection to the fiber modem. I get a lot of bad emails if the router is direct to the modem. LAN is 192.168.20.1, OPT1 is 192.168.30.1, OPT2 is 192.168.40.1, DHCP on both routers enabled.
-
Ok, then the traffic from the client is encrypted in the VPN router and pfBlocker cannot filter it.
Only traffic that bypasses the VPN will go through the pfBlocker filtering.
-
@stephenw10 Thank you, I can live with what it is. elmo