Can pfsense restrict a couple of defined IP add. to use vpn?



  • Hey. Finally i succeeded the Openvpn configuration with IPVanish.
    but i was wondering if it is possible to make a restriction so it was only 2 out of my 10 IP clients on the LAN there can use the VPN?



  • You are using policy based routing with a rule you added on your lan to make the whole /24 go out via vpn interface right?

    If instead of 1 rule for the whole /24, you were to make 2 rules for a /31 each for the IP of the machines you want to use the VPN, shouldn't that do it?



  • i haven't made any rules other than a Nat outbound rule.
    i must admit i am still a noob when it comes to pfsense and firewall rules.

    so  what you are saying is that i should delete the one i created (see attachment) and then create a new rule for each ip

    Example :

    interface : OPT3
    Source : 10.0.1.55 (could be my laptop)
    NAT ADD : OPT3 Addresses

    and then do that for each individual client?




  • This VPN is running on pfsense right?

    Can you send me the link to the guide you used to set it up?



  • of Course here it is : https://forum.pfsense.org/index.php/topic,66467.0.html

    and then i did create the nat rule as phathat suggested to get it to work.
    and the "advance settings"  wasnt working so i had to remove them



  • Strange - Seems like there is nothing there to tell pfsense which gateway should be used by machines on the LAN and when…

    Its not the way I would have set things up I guess.

    "This guide only covers routing all of your traffic out the OpenVPN tunnel." - Not a good sign for you...



  • yep  was also confused with this method/guide
    but i i am a bit limited here because of my knowledge to the subject ;)



  • can i ask you how you would have done it ? it is always nice to see one thing in different perspectives



  • I'm not sure - You may still be able to put rules on the LAN firewall to tell certain traffic to exit the WAN gateway.



  • well thx ;) I hope it isn't too much but can i ask for an example how the rule should look like ?



  • I don't have one running like that anymore.  There are other examples of vpn setups that do include setting on the LAN - Take a look at those.

    Search for strongvpn guide and you may see what I mean.



  • See what they do here with the LAN firewal rules?  And how they set up the gateways?

    This is what I'd expect to see with a config like what you are going for, except I'd expect you to make a couple of small changes so that 2 single IPs and not the entire lan end up using the vpn gateway.

    https://forum.pfsense.org/index.php?topic=29944.0



  • thanks!
    I think this is the exact setup i was looking after!
    i will give a update when i have the time to reconfigure it.



  • I used this same configuration to set up a pfsense here using my pfsense in the USA as server.

    I'd bet you can use your certs and MTU settings etc from your current vpn and use the strongvpn set up instructions to get what you want.


Log in to reply