Routing certain machines through VPN
ccisco
I am trying to learn about pfSense and have so far managed to configure it as I need.
A VPN connection stands, I have squid installed and working as transparent proxy.
Now I have stumbled onto a problem that I thought was easy to solve, but after reading countless pages I am still unable to get it to work.
Here is what I want:
I want to route all my traffic through my WAN connection and only one IP through the VPN.
Additionally I want traffic going through a certain port to go through VPN as well.
This would allow me to use the internet without VPN and only when I want to "switch on" the VPN for a specific machine by proxying through another port.
This should look like this (192.168.0.1 is pfSense):
192.168.0.2-100 -> 192.168.0.1:80 -> WAN
192.168.0.2-100 -> 192.168.0.1:someport -> VPN
192.168.0.5 -> 192.168.0.1 -> VPN
So far I can only have all connections from all IPs routed through VPN or none.
I don't know if I need firewall rules (the ones I tried didn't do much good) or a different proxy configuration.
I hope someone is able to help me out on this one or has a better idea on how I would be able to achieve my goal.
Help would be really appreciated.
d_mito
Post what you have tried till now.
I think firewall is the right place for you.
There is an advanced option where I can select my gateway. I can't make a test now.
Also there is another thing in System -> Routing -> Groups
Note: Remember to use these Gateway Groups in firewall rules in order to enable load balancing, failover, or policy-based routing. Without rules directing traffic into the Gateway Groups, they will not be used.
Hope this will help.
ccisco
Thanks for your reply.
Here is what I tried so far:
Firewall Rule -> LAN interface, from LAN subnet, to any, Gateway=WAN
Firewall Rule -> LAN interface, from any, to any, Gateway=WAN
Firewall Rule -> VPN interface, from LAN subnet, to any, Gateway=WAN
Firewall Rule -> VPN interface, from any, to any, Gateway=WAN
Then I made a Routing Group as you suggested.
Routing Group -> created Group with WAN=Tier1, VPN=Never (I also tried Tier2)
Then I tried the same rules as above but with Gateway=RoutingGroup
I also tried a rule on VPN interface blocking all traffic from LAN subnet, but it still went through.
I think I am either misunderstanding how to use these rules or they don't have any effect…
The only thing I managed in the meantime was that no traffic at all went through.
I hope you or someone else can give a few more tips.
Thanks in advance.
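As an added illustration, not posted by anyone in this thread, here is the policy as a pf ruleset in the form pfSense generates from its GUI firewall rules (the "Gateway" option d_mito mentions becomes a `route-to`). Interface names, gateway addresses and the port number are assumed placeholders, and the "someport" case is modelled as a destination port on the outbound traffic, since a connection aimed at pfSense's own port terminates on the firewall.

```pf
# Added example, not from the thread: a pf ruleset in the form pfSense
# generates from its GUI firewall rules, showing the ordering the asked-for
# policy needs. Interface names, gateway addresses and the port are assumed
# placeholders.
lan_if   = "em1"
wan_if   = "em0"
wan_gw   = "203.0.113.1"      # assumed WAN gateway
vpn_if   = "ovpnc1"           # assumed OpenVPN client interface
vpn_gw   = "10.8.0.1"         # assumed VPN gateway
lan_net  = "192.168.0.0/24"
vpn_host = "192.168.0.5"      # the one machine that should always use the VPN
vpn_port = "8443"             # assumed stand-in for "someport"

# pfSense evaluates rules on the interface a packet ENTERS (the LAN tab for
# traffic coming from LAN clients) and "quick" makes the first match final,
# so the specific rules must sit above the general "LAN to any" rule. Rules
# on the VPN tab only see traffic arriving FROM the VPN, which is why a block
# rule placed there has no effect on LAN-originated traffic.

# 1. Everything from 192.168.0.5 leaves via the VPN gateway
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) \
    from $vpn_host to any keep state

# 2. Any LAN client talking to the chosen destination port leaves via the VPN
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) \
    proto tcp from $lan_net to any port $vpn_port keep state

# 3. Everything else from the LAN uses the WAN gateway (catch-all goes last)
pass in quick on $lan_if route-to ($wan_if $wan_gw) \
    from $lan_net to any keep state

# Caveat: connections intercepted by the transparent squid proxy are
# re-originated by pfSense itself, so these LAN rules never see squid's
# outbound side; for proxied traffic the proxy would have to select the VPN
# address as its source (squid: tcp_outgoing_address) instead.
```

In the pfSense GUI this corresponds to three rules on the LAN tab in that order, the first two with the VPN gateway selected under advanced options and the last with the WAN gateway.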