    Can pfsense restrict a couple of defined IP add. to use vpn?

    OpenVPN
      notaduck last edited by

      Hey. I finally succeeded with the OpenVPN configuration with IPVanish,
      but I was wondering if it is possible to make a restriction so that only 2 out of my 10 IP clients on the LAN can use the VPN?

        kejianshi last edited by

        You are using policy-based routing with a rule you added on your LAN to make the whole /24 go out via the VPN interface, right?

        If instead of 1 rule for the whole /24, you were to make 2 rules for a /31 each for the IP of the machines you want to use the VPN, shouldn't that do it?

          notaduck last edited by

          I haven't made any rules other than a NAT outbound rule.
          I must admit I am still a noob when it comes to pfsense and firewall rules.

          So what you are saying is that I should delete the one I created (see attachment) and then create a new rule for each IP?

          Example :

          interface : OPT3
          Source : 10.0.1.55 (could be my laptop)
          NAT ADD : OPT3 Addresses

          and then do that for each individual client?

            kejianshi last edited by

            This VPN is running on pfsense right?

            Can you send me the link to the guide you used to set it up?

              notaduck last edited by

              Of course, here it is: https://forum.pfsense.org/index.php/topic,66467.0.html

              And then I did create the NAT rule as phathat suggested to get it to work,
              and the "advance settings" weren't working, so I had to remove them.

                kejianshi last edited by

                Strange - Seems like there is nothing there to tell pfsense which gateway should be used by machines on the LAN and when…

                It's not the way I would have set things up, I guess.

                "This guide only covers routing all of your traffic out the OpenVPN tunnel." - Not a good sign for you...

                  notaduck last edited by

                  Yep, I was also confused by this method/guide,
                  but I am a bit limited here because of my knowledge of the subject ;)

                    notaduck last edited by

                    Can I ask you how you would have done it? It is always nice to see one thing from different perspectives.

                      kejianshi last edited by

                      I'm not sure - You may still be able to put rules on the LAN firewall to tell certain traffic to exit the WAN gateway.

                        notaduck last edited by

                        Well, thx ;) I hope it isn't too much, but can I ask for an example of how the rule should look?

                          kejianshi last edited by

                          I don't have one running like that anymore. There are other examples of VPN setups that do include settings on the LAN - take a look at those.

                          Search for strongvpn guide and you may see what I mean.

                            kejianshi last edited by

                            See what they do here with the LAN firewall rules? And how they set up the gateways?

                            This is what I'd expect to see with a config like what you are going for, except I'd expect you to make a couple of small changes so that 2 single IPs and not the entire LAN end up using the VPN gateway.

                            https://forum.pfsense.org/index.php?topic=29944.0

                              notaduck last edited by

                              Thanks!
                              I think this is the exact setup I was looking for!
                              I will give an update when I have the time to reconfigure it.

                                kejianshi last edited by

                                I used this same configuration to set up a pfsense here using my pfsense in the USA as server.

                                I'd bet you can use your certs and MTU settings etc from your current vpn and use the strongvpn set up instructions to get what you want.

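The per-client policy routing discussed in this thread comes down to ordered, first-match LAN rules keyed on source address. The sketch below is an added example, not part of the original posts and not pfSense code: it models that rule order and compares which LAN hosts reach the VPN gateway when the two client rules use /32 sources versus /31 sources. Only 10.0.1.55 comes from the thread; 10.0.1.80, the 10.0.1.0/24 LAN and the gateway labels are assumptions.

```python
import ipaddress

# Constructed values: only 10.0.1.55 appears in the thread. 10.0.1.80, the
# /24 LAN and the labels VPN_GW / WAN_GW are hypothetical.
LAN = ipaddress.ip_network("10.0.1.0/24")


def build_rules(vpn_sources):
    """Ordered LAN rules: one per VPN source, then a catch-all to the WAN."""
    rules = [(ipaddress.ip_network(s, strict=False), "VPN_GW") for s in vpn_sources]
    rules.append((LAN, "WAN_GW"))
    return rules


def gateway_for(rules, src):
    """First matching rule wins; a source that matches nothing is blocked."""
    addr = ipaddress.ip_address(src)
    for net, gw in rules:
        if addr in net:
            return gw
    return "BLOCK"


def vpn_hosts(rules):
    """Every LAN address whose traffic ends up on the VPN gateway."""
    return [str(h) for h in LAN.hosts() if gateway_for(rules, str(h)) == "VPN_GW"]


# Single-host sources versus /31 sources for the same two clients.
host_rules = build_rules(["10.0.1.55/32", "10.0.1.80/32"])
wide_rules = build_rules(["10.0.1.55/31", "10.0.1.80/31"])

if __name__ == "__main__":
    print("/32 rules ->", vpn_hosts(host_rules))
    print("/31 rules ->", vpn_hosts(wide_rules))
```

Running `vpn_hosts()` against the intended rule set before changing the firewall is a quick check that only the chosen clients leave via the tunnel and everything else still uses the WAN.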