How to change routing from the (client) command line



  • I have pfSense set up and running with a number of VPN gateways, so that a single client can be made to use any of these. I want a way that a user with limited technical experience can EASILY switch from using one gateway to another; so (for example) that they can change their VPN between UK, US, Switzerland and so on.

    I have pfSense set up like this:

    One LAN interface 192.168.90.10 - with several devices connected (AppleTV, PC, Laptop, Tablet)
    One WAN interface (going to the internet via an ADSL bonding provider)
    Eight OpenVPN clients, going to eight different destinations, each of which has an interface and a gateway.

    I can route all traffic from a particular LAN address (like the Laptop) to a particular outgoing OpenVPN gateway, based upon the IP address of the Laptop, using a rule set up on the LAN interface. This works just fine.

    But if I want to route the Laptop via a different outgoing VPN gateway, so that it appears to be (for example) in the US instead of the UK, I need to change the rule on the pfSense, using the web gui. Or disable one rule and re-enable another.

    Is there ANOTHER way of doing this that can be EASILY done from the Laptop - WITHOUT needing to login to pfSense WebGui?

    I was thinking of something like setting up additional virtual IPs on the pfSense (192.168.90.11, 192.168.90.12 and so on) and routing each one of these to a DIFFERENT outgoing OpenVPN gateway. Then all I would need to do would be to issue a "route change gateway 192.168.90.11" command at the laptop command window, and not login to pfSense at all. Except that whilst I have created the virtualIPs, I can't find a way to route to a specific gateway based upon which INCOMING IP address on the pfSense was used as a gateway.

    Or do I have other options?

    One would appear to be to write a web application - which runs on the pfSense - with a number of buttons "Make me Swiss", "Make me English", "Make me American" and so on which would then modify the pfSense rules appropriately. But it looks a bit complicated.


Log in to reply