Netgate Discussion Forum

Setup Policy Based Routing and Multi VPN That Stop Certain IP's from Internet

OpenVPN (5 posts, 1 poster, 2.9k views)
    archedraft, Oct 28, 2013, 7:59 PM (last edited Oct 28, 2013, 10:49 PM)

    How to use Policy Based Routing and Multi VPN

    1. Make 2 VPN clients

    • I followed this guide http://www.komodosteve.com/archives/232

    • NOTES: I used the same server port for both VPN's

    • NOTES: I added the following commands into Advanced Config (when pfSense first boots it will randomly pick one of the 3 VPN_IP's)

    • SCREENSHOT: OpenVPN Client 1

    • SCREENSHOT: OpenVPN Client 2

    ```
    remote VPN_IP_#1 Port#;
    remote VPN_IP_#2 Port#;
    remote VPN_IP_#3 Port#;
    remote-random;
    ```

    2. Check to make sure you have three gateways: System -> Routing -> Gateways (WAN_HDCP, USA VPN, EU VPN)

    • SCREENSHOT: System Gateways

    3. Next go to Firewall -> Aliases

    • This is where you will setup two aliases for the USA VPN's and EU VPN's

    • Make sure you have static IP addresses for the machines

    4. Next go to Firewall -> Rules -> LAN

    • I made 3 rules (1 that redirects the EU vpn through the EU gateway, 1 that redirects the US vpn through the US gateway, and 1 that selects every other IP address not specified in aliases and sends it to the default WAN gateway)

    • Proto: ANY, Source: Alias, Gateway: VPN

    • SCREENSHOT: Firewall Rules 1

    • SCREENSHOT: Firewall Rules 2

    5. Next go to Firewall -> NAT -> Outbound

    • First delete all rules

    • Select "Automatic outbound NAT rule generation" and click save

    • Select "Manual Outbound NAT rule generation" and click save

    • This should auto-create any rules needed for the VPN's

    • Now create a rule that will stop traffic if the VPN is down

    • Click "Do not NAT", Interface "WAN", Protocol "any", Source "Alias"

    • MAKE SURE you move the rule to the top of the list as pfSense carries out rules from top down

    • SCREENSHOT: Firewall NAT Outbound 1

    • SCREENSHOT: Firewall NAT Outbound 2

    6. Next go to Firewall -> Rules -> Floating Rules

    • Action "Block", Interface "WAN", Direction "any", Protocol "any", Source "alias"

    • SCREENSHOT: Firewall Rules Floating 1

    • SCREENSHOT: Firewall Rules Floating 2

    • This along with #5 will block your machine from going to the internet

    Special thanks to m3ki for all the help
    http://forum.pfsense.org/index.php/topic,68191.30.html
    http://forum.pfsense.org/index.php/topic,65331.0.html
    ![OpenVPN Client 1.JPG](/public/imported_attachments/1/OpenVPN Client 1.JPG)

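A small model of the rule evaluation the post relies on, added here as an example (not the author's or pfSense's code): it simulates the LAN rules, the outbound NAT order and the floating block rule, and shows that the alias hosts are blocked rather than leaking to WAN when their VPN gateway is down. The 192.168.1.x hosts, alias names and gateway names are constructed, and it assumes pfSense's default behaviour of loading a rule without its gateway when that gateway is down.

```python
"""Model of the top-down rule evaluation the post relies on (added example,
not the author's or pfSense's code; hosts, aliases and gateway names are
constructed). Checks that alias hosts never fall back to plain WAN."""

# Step 3: aliases of hosts that may only reach the internet via one VPN.
ALIASES = {"USA_VPN_HOSTS": {"192.168.1.10", "192.168.1.11"},
           "EU_VPN_HOSTS": {"192.168.1.20"}}
VPN_HOSTS = set().union(*ALIASES.values())

# Step 4: LAN rules, first match wins; (alias or None for 'any', gateway).
LAN_RULES = [("USA_VPN_HOSTS", "USA_VPN"), ("EU_VPN_HOSTS", "EU_VPN"),
             (None, "WAN")]

# Step 5: outbound NAT, first match wins; (interface, alias or None, do_nat).
# GOOD has the 'Do not NAT' rule on top; BAD has it below the automatic rule.
NAT_RULES_GOOD = [("WAN", "VPN_HOSTS", False), ("WAN", None, True),
                  ("USA_VPN", None, True), ("EU_VPN", None, True)]
NAT_RULES_BAD = [("WAN", None, True), ("WAN", "VPN_HOSTS", False),
                 ("USA_VPN", None, True), ("EU_VPN", None, True)]

def _matches(src, alias):
    if alias is None:
        return True
    return src in (VPN_HOSTS if alias == "VPN_HOSTS" else ALIASES[alias])

def choose_gateway(src, gateway_up):
    """pfSense default: a rule whose gateway is down is loaded without it, so
    the packet takes the default route (WAN). Assumes 'skip rules when
    gateway is down' is unset."""
    for alias, gw in LAN_RULES:
        if _matches(src, alias):
            return gw if gateway_up.get(gw, True) else "WAN"
    return None  # nothing matched: LAN default deny

def egress(src, gateway_up, nat_rules=NAT_RULES_GOOD, floating_block=True):
    """Return (exit interface, verdict) for a LAN packet from src."""
    iface = choose_gateway(src, gateway_up)
    if iface is None:
        return (None, "dropped")
    do_nat = next(n for i, alias, n in nat_rules
                  if i == iface and _matches(src, alias))
    # pf translates before it filters outbound, so the floating rule on WAN
    # sees the post-NAT source and can only match an un-NATed packet: that is
    # why the floating block only works together with the 'Do not NAT' rule.
    seen_src = "WAN_IP" if do_nat else src
    if floating_block and iface == "WAN" and seen_src in VPN_HOSTS:
        return ("WAN", "blocked")
    if not do_nat:
        return (iface, "sent without NAT")  # private source, not routable
    return (iface, "forwarded")
```

Running `egress("192.168.1.10", {"USA_VPN": False}, nat_rules=NAT_RULES_BAD)` returns `("WAN", "forwarded")`, i.e. a leak, which is the misordering the post warns about.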
      archedraft, Oct 28, 2013, 7:59 PM

      More Screenshots

      ![OpenVPN Client 2.JPG](/public/imported_attachments/1/OpenVPN Client 2.JPG)
      ![System Gateways.JPG](/public/imported_attachments/1/System Gateways.JPG)
      ![Firewall Rules 1.JPG](/public/imported_attachments/1/Firewall Rules 1.JPG)

        archedraft, Oct 28, 2013, 8:00 PM

        More Screenshots

        ![Firewall Rules 2.JPG](/public/imported_attachments/1/Firewall Rules 2.JPG)
        ![Firewall NAT Outbound 1.JPG](/public/imported_attachments/1/Firewall NAT Outbound 1.JPG)

          archedraft, Oct 28, 2013, 8:00 PM

          More Screenshots

          ![Firewall NAT Outbound 2.JPG](/public/imported_attachments/1/Firewall NAT Outbound 2.JPG)
          ![Firewall Rules Floating 1.JPG](/public/imported_attachments/1/Firewall Rules Floating 1.JPG)

            archedraft, Oct 28, 2013, 8:01 PM (last edited Oct 29, 2013, 1:19 PM)

            More Screenshots

            ![Firewall Rules Floating 2.JPG](/public/imported_attachments/1/Firewall Rules Floating 2.JPG)

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.