"Don't pull routes" and firewall rules
-
I'm not a very experienced pfSense or OpenVPN user, but I know enough to be dangerous.
I've followed a tutorial (https://forum.pfsense.org/index.php?topic=106305.0) to get PIA working on my pfSense (2.3) router and set up a firewall rule and alias so that only a few machines in my house are using the VPN while the rest use the regular gateway.
My problem is that if I don't check the "Don't pull routes" box in the OpenVPN config, every computer in the house goes through the VPN gateway rather than following the firewall rules I have set up.
But if I check that box, dnsleaktest.com shows my ISP, which I take to mean there's a leak. If the box is unchecked, I see Choopa, LLC, which is PIA I think.
Any ideas what I don't understand here?
-
https://forum.pfsense.org/index.php?topic=138078.msg755873#msg755873
-
Heh, was just about to necrobump this thread. :)
There's gotta be some routing bug here, but it's hard to narrow down or reproduce it. I'm getting some FreeBSD routing errors in the OpenVPN logs…
Oct 16 18:49:33 openvpn 56370 /sbin/route add -net 0.0.0.0 10.61.15.5 128.0.0.0 Oct 16 18:49:33 openvpn 56370 ERROR: FreeBSD route add command failed: external program exited with error status: 1
-
That is because you already have that route in the routing table from your other connection.
#notabug
Diagnostics > Routes