Policy routing



  • Hi! Is there someone who can tell me if, in pfSense, it is possible to use "policy routing" like in Linux, to decide which route a particular host on a LAN must take when trying to reach another host on a different LAN? On both LANs there will be a pfSense box, and two VPNs on two different WAN interfaces. At the moment this is accomplished with a linuxbox+shorewall+openvpn. The purpose of this setup is that when host1 on the local subnet of site A tries to communicate with host2 on the remote subnet on site B, a routing policy forces the connection to flow on the VPN established over wan2 on both firewalls. And for other communications, I force the use of the other VPN. I'll attach a pic containing the net diagram, implemented on both sites.

    Thanks.



  • I don't know much about VPN config on pfSense, but the policy routing part should be easy to do.

    In the firewall you can choose the interface of pfSense where the client comes in (lan, ...),
    the protocol (tcp, udp, any, …),
    the source (any, single host, lan address, lan subnet, network, ...),
    and the same for destination.
    And you can set the gateway you wish to use for that special connection.

    This should work without problems for both the single host1 / host2 communication (this rule first), and the rest of lan 1 to communicate with lan 2.



  • Yes. The firewall rules all have a selection for gateway that allows policy routing.



  • Ok, but you cannot choose tun0 or tun1 as the default gateway in firewall rules at the moment with the GUI, or am I wrong? So how can I tell host1 to use that VPN when trying to reach host2 on the remote site? Do I have to use the shell?

    Bye.



  • That's completely different. That's a question for the OpenVPN board here, not routing. I think you need to push the appropriate routes to your clients. See the OpenVPN page on doc.pfsense.org, I think it has the info you need.
    http://doc.pfsense.org/index.php/Setting_up_OpenVPN_with_pfSense

