Netgate Discussion Forum

Routing certain machines through VPN

  • C
    ccisco
    last edited by Mar 31, 2011, 9:50 PM

    Hi everyone,

    I am trying to learn about pfSense and have so far managed to configure it as I need.

    A VPN connection stands, and I have squid installed and working as a transparent proxy.

    Now I have stumbled onto a problem that I thought was easy to solve, but after reading countless pages I am still unable to get it to work.

    Here is what I want:
    I want to route all my traffic through my WAN connection and only one IP through the VPN.
    Additionally I want traffic going through a certain port to go through VPN as well.
    This would allow me to use the internet without VPN and only when I want to "switch on" the VPN for a specific machine by proxying through another port.

    This should look like this (192.168.0.1 is pfSense):
    192.168.0.2-100 -> 192.168.0.1:80 -> WAN
    192.168.0.2-100 -> 192.168.0.1:someport -> VPN
    192.168.0.5 -> 192.168.0.1 -> VPN

    So far I can only have all connections from all IPs routed through VPN or none.

    I don't know if I need firewall rules (the ones I tried didn't do much good) or a different proxy configuration.

    I hope someone is able to help me out on this one or has a better idea on how I would be able to achieve my goal.
    Help would be really appreciated.

    Regards

    • D
      d_mito
      last edited by Mar 31, 2011, 10:22 PM

      Hi,

      Post what you have tried so far.

      I think the firewall is the right place for you.
      There is an advanced option where I can select my gateway. I can't test it now.

      Also there is another thing in System -> Routing -> Groups
      Note: Remember to use these Gateway Groups in firewall rules in order to enable load balancing, failover, or policy-based routing. Without rules directing traffic into the Gateway Groups, they will not be used.

      Hope this will help.

      • C
        ccisco
        last edited by Apr 1, 2011, 2:03 PM

        Hi,

        thanks for your reply.

        Here is what I tried so far:
        Firewall Rule -> LAN interface, from LAN subnet, to any, Gateway=WAN
        Firewall Rule -> LAN interface, from any, to any, Gateway=WAN
        Firewall Rule -> VPN interface, from LAN subnet, to any, Gateway=WAN
        Firewall Rule -> VPN interface, from any, to any, Gateway=WAN

        Then I made a Routing Group as you suggested.
        Routing Group -> created Group with WAN=Tier1, VPN=Never (I also tried Tier2)

        Then I tried the same rules as above but with Gateway=RoutingGroup

        I also tried a rule on VPN interface blocking all traffic from LAN subnet, but it still went through.
        I think I am either misunderstanding how to use these rules or they don't have any effect…
        The only thing I managed in the meantime was that no traffic at all went through.

        I hope you or someone else can give a few more tips.

        Thanks in advance.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.