Setup Policy Based Routing and Multi VPN That Stop Certain IP's from Internet

  • How to use Policy Based Routing and Multi VPN

    1. Make 2 VPN clients

    • I Followed this guide

    • NOTES: I used the same server port for both VPN's

    • NOTES: I added the following commands into Advanced Config (When pfSense first boots it will randomly pick of the the 3 VPN_IP's

    • SCREENSHOT: OpenVPN Client 1

    • SCREENSHOT: OpenVPN Client 2

    remote_VPN IP_#1 Port#;
    remote VPN_IP_#2 Port#;
    remote VPN_IP_#3 Port#;

    2. Check to make sure you have three gateways: System -> Routing - Gateways (WAN_HDCP, USA VPN, EU VPN)

    • SCREENSHOT: System Gateways

    3. Next go to Firewall -> Aliases

    • This is where you will setup two aliases for the USA VPN's and EU VPN's

    • Make sure you have static IP address for the machines

    4. Next go to Firewall -> Rules -> Lan

    • I made 3 rules (1 that redircts the EU vpn through the EU gateway, 1 that redirects the US vpn through the US gateway, and 1 that selects every other IP address not specified in aliases and sends it to the defualt WAN gateway)

    • Proto: ANY, Source: Alias, Gateway: VPN

    • SCREENSHOT: Firewall Rules 1

    • SCREENSHOT: Firewall Rules 2

    5. Next go to Firewall -> NAT -> Outbound

    • First delete all rules

    • Select "Automatic outbound NAT rule generation" and click save

    • Select "Manual Outbound NAT rule generation" and click save

    • This should auto created any rules needed for the VPN's

    • Now create a rule that will stop traffic if the VPN is down

    • Click "Do not NAT", Interface "WAN", Protocol "any", Source "Alias"

    • MAKE SURE you move the rule to the top of the list as pfsense carries out rules from top down

    • SCREENSHOT: Firewall NAT Outbound 1

    • SCREENSHOT: Firewall NAT Outbound 2

    5. Next to go Firewall -> Rules -> Floating Rules

    • Action "Block", Interface "WAN", Direction "any", Protocol "any", Source "alias"

    • SCREENSHOT: Firewall Rules Floating 1

    • SCREENSHOT: Firewall Rules Floating 2

    • This along with with #5  will block your machine from going to internet

    Special thanks to m3ki for all the help,68191.30.html,65331.0.html
    ![OpenVPN Client 1.JPG](/public/imported_attachments/1/OpenVPN Client 1.JPG)
    ![OpenVPN Client 1.JPG_thumb](/public/imported_attachments/1/OpenVPN Client 1.JPG_thumb)

  • More Screenshots

    ![OpenVPN Client 2.JPG](/public/imported_attachments/1/OpenVPN Client 2.JPG)
    ![OpenVPN Client 2.JPG_thumb](/public/imported_attachments/1/OpenVPN Client 2.JPG_thumb)
    ![System Gateways.JPG](/public/imported_attachments/1/System Gateways.JPG)
    ![System Gateways.JPG_thumb](/public/imported_attachments/1/System Gateways.JPG_thumb)
    ![Firewall Rules 1.JPG](/public/imported_attachments/1/Firewall Rules 1.JPG)
    ![Firewall Rules 1.JPG_thumb](/public/imported_attachments/1/Firewall Rules 1.JPG_thumb)

  • More Screenshots

    ![Firewall Rules 2.JPG](/public/imported_attachments/1/Firewall Rules 2.JPG)
    ![Firewall Rules 2.JPG_thumb](/public/imported_attachments/1/Firewall Rules 2.JPG_thumb)
    ![Firewall NAT Outbound 1.JPG](/public/imported_attachments/1/Firewall NAT Outbound 1.JPG)
    ![Firewall NAT Outbound 1.JPG_thumb](/public/imported_attachments/1/Firewall NAT Outbound 1.JPG_thumb)

  • More Screenshots

    ![Firewall NAT Outbound 2.JPG](/public/imported_attachments/1/Firewall NAT Outbound 2.JPG)
    ![Firewall NAT Outbound 2.JPG_thumb](/public/imported_attachments/1/Firewall NAT Outbound 2.JPG_thumb)
    ![Firewall Rules Floating 1.JPG](/public/imported_attachments/1/Firewall Rules Floating 1.JPG)
    ![Firewall Rules Floating 1.JPG_thumb](/public/imported_attachments/1/Firewall Rules Floating 1.JPG_thumb)

  • More Screenshots

    ![Firewall Rules Floating 2.JPG](/public/imported_attachments/1/Firewall Rules Floating 2.JPG)
    ![Firewall Rules Floating 2.JPG_thumb](/public/imported_attachments/1/Firewall Rules Floating 2.JPG_thumb)

Log in to reply