Netgate Discussion Forum
    Route certain ports over OpenVPN

    Routing and Multi WAN
    • PhantomGhost

      Evening everyone. I'm fairly new to this, and have only been running pfSense a few months now. I had this working once before, and then my pfSense box had some trouble and I had to rebuild it, and now it's driving me crazy that I can't make it work.

      I have an OpenVPN connection where my pfSense box is the client, and I want to route certain port ranges over this tunnel while the rest of my normal traffic goes over the normal WAN interface. I've tried to search the site, but the threads I've found haven't helped me yet. I know it has to be something simple I am missing. I have the VPN connection working fine, I then created an interface for the connection. Once I made that connection, and verified the interface had an IP address, I made a new LAN rule on the Firewall to route all traffic from source port 15000 from a select host, going to any destination, and under the advanced settings at the bottom I chose the VPN interface for the gateway.

      I thought this would be enough, but it wasn't… If I make a new rule and select an entire host, the traffic reroutes fine over VPN, but when I choose a single port, or range of ports, it seems the rule is ignored. I turned on logging for the rule, and I can see the logs show up under the firewall tab, so I know the rule is being seen, otherwise it wouldn't show up there, but the traffic still goes over the WAN interface. I have allow all rules set for the VPN interface under NAT Outgoing, I'm not sure what else I need to set...

      Does anyone have any ideas on why this isn't working? I would certainly appreciate any help, as this is driving me nuts. I spent days trying to figure it out on my own since I knew I had done it before, but for the life of me I can't figure out what I have missed this time. Thanks for any help.

      • PhantomGhost

        Any thoughts at all?

        • heper

          you probably should not use source-port but instead use destination-port.
          source-ports are almost always randomly generated.

          so if you would want to send all http traffic over the vpn (port 80), you should do something like this:

          on LAN tab

          source: lan-subnet | sourceport: any --> destination: any | destinationport: 80 | gateway: openvpn-tunnel-interface

          enjoy

          • PhantomGhost

            That's certainly a good thought, I hadn't tried that. Unfortunately it still didn't work. I can see the rule is being logged (I have logging disabled for all other rules) so I know it is picking out the traffic that should be routed, but it still isn't. All the traffic is still going out over the WAN. When I had the source port selected, I could also see the traffic being routed then too, so I'm not sure if this helps. Any other thoughts?

            • kantlivelong

              Replied to your PM
