Routing certain machines through VPN



  • Hi everyone,

    I am trying to learn about pfSense and have so far managed to configure it as I need.

    A VPN connection stands, I have squid installed and working as transparent proxy.

    Now I have stumbled onto a problem, that I thought was easy to solve. But after reading countless pages I still am unable to get it to work.

    Here is what I want:
    I want to route all my traffic through my WAN connection and only one IP through the VPN.
    Additionally I want traffic going through a certain port to go through VPN as well.
    This would allow me to use the internet without VPN and only when I want to "switch on" the VPN for a specific machine by proxying through another port.

    This should look like this (192.168.0.1 is pfSense):
    192.168.0.2-100 -> 192.168.0.1:80 -> WAN
    192.168.0.2-100 -> 192.168.0.1:someport -> VPN
    192.168.0.5 -> 192.168.0.1 -> VPN

    So far I can only have all connections from all IPs routed through VPN or none.

    I don't know if I need firewall rules (the ones I tried didn't do much good) or a different proxy configuration.

    I hope someone is able to help me out on this one or has a better idea on how I would be able to achieve my goal.
    Help would be really appreciated.

    Regards



  • Hi,

    post what did you tried till now.

    I think firewall is the right place for you.
    There is advanced option where i can select my gateway. Can't make test now.

    Also there is another thing in System -> Routing -> Groups
    Note: Remember to use these Gateway Groups in firewall rules in order to enable load balancing, failover, or policy-based routing. Without rules directing traffic into the Gateway Groups, they will not be used.

    Hope this will help.



  • Hi,

    thanks for your reply.

    Here is what I tried so far:
    Firewall Rule -> LAN interface, from LAN subnet , to any, Gateway=WAN
    Firewall Rule -> LAN interface, from any, to any, Gateway=WAN
    Firewall Rule -> VPN interface, from LAN subnet, to any, Gateway=WAN
    Firewall Rule -> VPN interface, from any, to any, Gateway=WAN

    Then I made a Routing Group as you suggested.
    Routing Group -> created Group with WAN=Tier1, VPN=Never (I also tried Tier2)

    Then I tried the same rules as above but with Gateway=RoutingGroup

    I also tried a rule on VPN interface blocking all traffic from LAN subnet, but it still went through.
    I think I am either misunderstanding how to use these rules or they don't have any effect…
    The only thing I managed in the meantime was that no traffic at all went through.

    I hope you or someone else can give a few more tips.

    Thanks in advance.


Locked