Netgate Discussion Forum

    Routing certain machines through VPN

    Firewalling
ccisco

      Hi everyone,

      I am trying to learn about pfSense and have so far managed to configure it as I need.

A VPN connection is up, and I have Squid installed and working as a transparent proxy.

Now I have stumbled onto a problem that I thought was easy to solve, but after reading countless pages I am still unable to get it to work.

      Here is what I want:
      I want to route all my traffic through my WAN connection and only one IP through the VPN.
      Additionally I want traffic going through a certain port to go through VPN as well.
This would allow me to use the internet without the VPN and only "switch on" the VPN for a specific machine when I want to, by proxying through another port.

      This should look like this (192.168.0.1 is pfSense):
      192.168.0.2-100 -> 192.168.0.1:80 -> WAN
      192.168.0.2-100 -> 192.168.0.1:someport -> VPN
      192.168.0.5 -> 192.168.0.1 -> VPN

      So far I can only have all connections from all IPs routed through VPN or none.

I don't know whether I need firewall rules (the ones I tried didn't do much good) or a different proxy configuration.

      I hope someone is able to help me out on this one or has a better idea on how I would be able to achieve my goal.
      Help would be really appreciated.

      Regards

d_mito

        Hi,

Post what you have tried so far.

I think the firewall is the right place for you.
There is an advanced option where you can select the gateway. I can't test it now.

        Also there is another thing in System -> Routing -> Groups
        Note: Remember to use these Gateway Groups in firewall rules in order to enable load balancing, failover, or policy-based routing. Without rules directing traffic into the Gateway Groups, they will not be used.

        Hope this will help.

ccisco

          Hi,

          thanks for your reply.

          Here is what I tried so far:
          Firewall Rule -> LAN interface, from LAN subnet , to any, Gateway=WAN
          Firewall Rule -> LAN interface, from any, to any, Gateway=WAN
          Firewall Rule -> VPN interface, from LAN subnet, to any, Gateway=WAN
          Firewall Rule -> VPN interface, from any, to any, Gateway=WAN

          Then I made a Routing Group as you suggested.
          Routing Group -> created Group with WAN=Tier1, VPN=Never (I also tried Tier2)

          Then I tried the same rules as above but with Gateway=RoutingGroup

          I also tried a rule on VPN interface blocking all traffic from LAN subnet, but it still went through.
          I think I am either misunderstanding how to use these rules or they don't have any effect…
The only thing I managed in the meantime was that no traffic went through at all.

          I hope you or someone else can give a few more tips.

          Thanks in advance.

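The two things the thread is circling are that pfSense evaluates rules on the interface a packet enters (so rules on the VPN tab never see LAN-originated traffic) and that rules are first-match from the top (so a catch-all "from any to any, Gateway=WAN" placed first steers everything to WAN before a host-specific VPN rule can match). A gateway group with the VPN at tier "Never" is just WAN under another name. The ruleset below is an added illustration, not configuration from either poster or from Netgate; it is written in the pf syntax pfSense generates from the GUI so the ordering is visible. Interface names, addresses and the port are assumptions: LAN is em1 (192.168.0.0/24, pfSense at 192.168.0.1), WAN is em0 with gateway 203.0.113.1, the OpenVPN client is ovpnc1 with tunnel address 10.8.0.2 and gateway 10.8.0.1, and "someport" is a second Squid listener on 3129.

```pf
# Added example, not from the thread. Assumed: LAN=em1, WAN=em0 (gw 203.0.113.1),
# OpenVPN client=ovpnc1 (local 10.8.0.2, gw 10.8.0.1), second proxy port 3129.
# pf evaluates rules top-down on the interface the packet ENTERS; with "quick"
# the first match wins, which is how pfSense interface-tab rules behave.

# --- The attempt from the thread, as pf would see it ---------------------
# Every LAN rule forces WAN, so the host meant for the VPN can never match
# anything else:
pass in quick on em1 route-to (em0 203.0.113.1) inet from 192.168.0.0/24 to any keep state
pass in quick on em1 route-to (em0 203.0.113.1) inet from any to any keep state
# A block on the VPN tab only matches packets ARRIVING from the tunnel, so it
# cannot stop LAN clients from being sent into it:
block in quick on ovpnc1 inet from 192.168.0.0/24 to any

# --- Corrected ordering: most specific policy first --------------------
# Local destinations (pfSense itself, the rest of the LAN) must not be
# policy-routed, or DNS/proxy traffic to 192.168.0.1 is pushed into the tunnel.
pass in quick on em1 inet from 192.168.0.0/24 to 192.168.0.0/24 keep state
# The one host that should use the VPN for everything it sends.
pass in quick on em1 route-to (ovpnc1 10.8.0.1) inet from 192.168.0.5 to any keep state
# Fail closed: only reached when the rule above is skipped because the VPN
# gateway is down (System > Advanced > Miscellaneous, "Skip rules when
# gateway is down"). Without it the host silently falls back to WAN.
block in quick on em1 inet from 192.168.0.5 to any
# Everyone else uses the system default route (WAN); no route-to needed.
pass in quick on em1 inet from 192.168.0.0/24 to any keep state

# --- The "someport" case --------------------------------------------------
# A transparent or explicit proxy terminates the client's TCP session on
# pfSense; the upstream connection is then originated BY the firewall and is
# never seen by LAN-tab rules. Steer it with a floating "out" rule on the
# interface the routing table would otherwise pick, matching the source
# address Squid binds for that listener.
pass out quick on em0 route-to (ovpnc1 10.8.0.1) inet from 10.8.0.2 to any keep state
```

For the last rule to have anything to match, Squid has to send the requests it receives on 3129 from the tunnel address; in squid.conf that is (assumed listener name) `http_port 3129 name=vpnport`, `acl vpnport myportname vpnport` and `tcp_outgoing_address 10.8.0.2 vpnport`. Traffic intercepted on port 80 keeps its default outgoing address and therefore stays on WAN, which is the split the first post asks for. When checking, watch the state table (Diagnostics > States) for 192.168.0.5: the state's interface should be ovpnc1, and after pulling the tunnel down the host should lose connectivity rather than reappear on em0.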
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.