Route specific IPs to a different gateway



  • So I use pfSense as my default gateway, but I have a hardware VPN client at xxx.xxx.xxx.254 and need to route all traffic from specific IPs, say xxx.xxx.xxx.71, to that gateway. I just have no idea how to do it. I tried creating a new gateway in System > Routing > Gateways pointing to xxx.xxx.xxx.254, then creating a LAN firewall rule set to allow all with the new gateway, but this does not seem to work.

    I am testing by going to a "what's my IP" webpage. If I manually change my computer's gateway to 254, it shows the VPN IP.

    Any help would be great!



  • This firewall rule… is it higher up in the list than the "Default allow LAN to any" rule?

    I've set up something similar, but with an OpenVPN client running on my pfSense box. I have a computer that is directed out the VPN connection, while everything else is going out via my normal ISP connection. My LAN rule set is something like....

    1. Source - 192.168.1.25, Dest. - Any, GW - VPN
    2. Source - LAN Net, Dest. - Any, GW - Default

    Remember that packets will be processed against the rules from the top down.


  • LAYER 8 Netgate

    That's going to be problematic because you'd need to route traffic out the same interface it came in on.

    If you have, say:

    192.168.1.1/24 pfSense LAN
    192.168.1.25 Host
    192.168.1.254 VPN device

    If you set the default gateway on 192.168.1.25 to 192.168.1.1, then make a rule on LAN sending traffic from 192.168.1.25 to 192.168.1.254, it's going to get weird.

    Why not just set the default gateway of the host to 192.168.1.254 if that's how you want it to behave anyway?  Then there's almost no possibility of leakage.

    What does the VPN device do that pfSense can't do itself?
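
The two points raised in the replies above (rules are matched from the top down, and a policy-route gateway that sits on the same subnet the traffic arrived on), checked over sample rule sets. This is an added Python sketch, not part of any post and not pfSense's own code or config format; the rule fields, the 10.8.0.1 tunnel gateway and the three rule sets are constructed for illustration.

```python
import ipaddress

def net(s):
    return ipaddress.ip_network(s, strict=False)

def first_match(rules, src):
    """Return the first rule whose source covers src (top-down, first match wins)."""
    ip = ipaddress.ip_address(src)
    for rule in rules:
        if ip in net(rule["src"]):
            return rule
    return None

def audit(rules, lan):
    """Flag policy-route rules shadowed by a broader rule above them, and
    gateways that live on the ingress (LAN) subnet itself."""
    findings, lan_net = [], net(lan)
    for i, rule in enumerate(rules):
        for above in rules[:i]:
            if net(rule["src"]).subnet_of(net(above["src"])) and above["gw"] != rule["gw"]:
                findings.append(("shadowed", rule["src"], above["src"]))
                break
        if rule["gw"] != "default" and ipaddress.ip_address(rule["gw_ip"]) in lan_net:
            findings.append(("same-interface", rule["src"], rule["gw_ip"]))
    return findings

LAN = "192.168.1.1/24"
DEFAULT = {"src": "192.168.1.0/24", "gw": "default", "gw_ip": None}
# Constructed: host rule pointing at a tunnel gateway that is not on the LAN.
VPN_HOST = {"src": "192.168.1.25/32", "gw": "VPN", "gw_ip": "10.8.0.1"}
# Constructed: host rule pointing at a VPN device on the LAN subnet.
LAN_BOX = {"src": "192.168.1.25/32", "gw": "VPNBOX", "gw_ip": "192.168.1.254"}

GOOD_ORDER = [VPN_HOST, DEFAULT]   # specific rule above the allow-all rule
BAD_ORDER = [DEFAULT, VPN_HOST]    # allow-all rule matches first
HAIRPIN = [LAN_BOX, DEFAULT]       # gateway on the interface traffic came in on

if __name__ == "__main__":
    for name, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER), ("hairpin", HAIRPIN)):
        hit = first_match(rules, "192.168.1.25")
        print(name, "-> gateway:", hit["gw"], "| findings:", audit(rules, LAN))
```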

