VPN Firewall Rules



  • Hi,
    I am a new member of this site, but have been using pfsense for about 5 years now. I am running 2.0.1 on an older Dell XEON rack-mount computer. I have had good success with this machine, although somewhat noisy, but recently I am experiencing a problem with a permanent Peer-to-peer VPN connexion from my site to Private Internet Access using Openvpn.

    Now the VPN works fine, however I only wish to use it to access certain US based addresses from my site in Canada. So I have made an Alias entry which contains the IP addresses of the sites I wish to segregate and access ONLY via the PIA VPN. This rule appears before the all-in rule on the LAN tab and ideally it would only send through the VPN the traffic destined to specific addresses. However, it appears that ALL my traffic is going through the VPN and can't seem to segregate it.. Not sure what I am doing wrong.
    Should I create an exception rule, i.e. have everything NOT in the alias list go through the WAN and the rest the VPN ?
    Any help would be Greeeaaaatly appreciated.

    cheers,

    Christian L.

    PS: I have tried to upgrade to 2.1, however I am having a hardware issue with my PCI NIC so had to downgrade back to 2.0.1 for the time being.



  • Hi,
    you have to create a Pass rule on top of LAN rule set where you use your Alias list for destination and down in advanced setting area at Gateway you have to select your VPN gateway.

    It should work this way. Otherwise post the precise rule you have made, please.



  • PIA is probably sending the OpenVPN client a route for the whole internet, and pfSense is obeying that route. In OpenVPN Client Advanced box you can put "route-nopull" - then the route given by PIA will be ignored, and just the special traffic in the firewall rule will get routed over PIA.


Log in to reply