"Don't pull routes" and firewall rules

  • I'm not a very experienced pfSense or OpenVPN user, but I know enough to be dangerous.

    I've followed a tutorial (https://forum.pfsense.org/index.php?topic=106305.0) to get PIA working on my pfSense (2.3) router and set up a firewall rule and alias so that only a few machines in my house are using the VPN while the rest use the regular gateway.

    My problem is that if I don't check the "Don't pull routes" box in the OpenVPN config, every computer in the house goes through the VPN gateway rather than following the firewall rules I have set up.

    But if I check that box, dnsleaktest.com shows my ISP, which I take to mean there's a leak. If the box is unchecked, I see Choopa, LLC, which is PIA I think.

    Any ideas what I don't understand here?

  • Heh, was just about to necrobump this thread.  :)

    There's gotta be some routing bug here, but it's hard to narrow down or reproduce it.  I'm getting some FreeBSD routing errors in the OpenVPN logs…

    Oct 16 18:49:33 openvpn 56370 /sbin/route add -net 0.0.0.0 10.61.15.5 128.0.0.0
    Oct 16 18:49:33 openvpn 56370 ERROR: FreeBSD route add command failed: external program exited with error status: 1

  • Netgate

    That is because you already have that route in the routing table from your other connection.

    #notabug

    Diagnostics > Routes
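
Editor's note with an added example (not part of the thread and not pfSense or Netgate code). The failing command in the log, `/sbin/route add -net 0.0.0.0 10.61.15.5 128.0.0.0`, is OpenVPN installing 0.0.0.0/1 (netmask 128.0.0.0) via the tunnel peer 10.61.15.5; together with 128.0.0.0/1 that is the "def1" pair `redirect-gateway def1` uses to override the real default route without deleting it. "Don't pull routes" stops those two routes from being installed, which is why the firewall rules start being honoured, and the `route add` error appears when a tunnel tries to add a half-route that another connection already owns. The script below parses `netstat -rn -f inet` output (the FreeBSD column order Destination, Gateway, Flags, Netif, Expire) and reports who owns the default route and the def1 halves. The two routing tables in it are constructed for the example: the interface names igb0/igb1/ovpnc1 and the WAN gateway 203.0.113.1 are made up; only 10.61.15.5 comes from the posted log. One caveat on the DNS side, which is my note rather than something the thread states: dnsleaktest.com reports the resolver that reached its servers, and the firewall's own DNS Resolver sends its outgoing queries over the default route (the WAN) unless its outgoing interface is restricted to the VPN, so policy-routing a few hosts does not by itself move their DNS lookups into the tunnel.

```shell
#!/bin/sh
# Added example, not from the thread: parse `netstat -rn -f inet` output
# (FreeBSD/pfSense column order: Destination Gateway Flags Netif Expire)
# and report who owns the default route and the two "def1" half-routes,
# 0.0.0.0/1 and 128.0.0.0/1. OpenVPN's redirect-gateway def1 installs those
# two halves instead of replacing the real default; the thread's log line
# "/sbin/route add -net 0.0.0.0 10.61.15.5 128.0.0.0" is 0.0.0.0/1 via
# 10.61.15.5, and it exits 1 when that route already exists.

# Constructed sample table, not captured from the poster's router:
# WAN default via 203.0.113.1 on igb0, and a tunnel on ovpnc1 that has
# already installed both def1 halves via its peer 10.61.15.5.
SAMPLE_ROUTES='Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS        igb0
0.0.0.0/1          10.61.15.5         UGS      ovpnc1
10.61.15.1/32      10.61.15.5         UGS      ovpnc1
10.61.15.5         link#9             UH       ovpnc1
127.0.0.1          link#2             UH         lo0
128.0.0.0/1        10.61.15.5         UGS      ovpnc1
192.168.1.0/24     link#1             U          igb1
203.0.113.0/24     link#1             U          igb0'

# Same box with "Don't pull routes" checked: tunnel up, no def1 halves.
SAMPLE_ROUTES_NOPULL='Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS        igb0
10.61.15.1/32      10.61.15.5         UGS      ovpnc1
10.61.15.5         link#9             UH       ovpnc1
127.0.0.1          link#2             UH         lo0
192.168.1.0/24     link#1             U          igb1
203.0.113.0/24     link#1             U          igb0'

# Print "destination gateway netif" for the default route and any def1 halves.
default_routes() {
    printf '%s\n' "$1" | awk '
        $1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" { print $1, $2, $4 }'
}

# Print "gateway/netif" of the connection owning both def1 halves and return 0;
# return 1 if they are absent (a fresh `route add -net 0.0.0.0/1` would succeed).
def1_owner() {
    printf '%s\n' "$1" | awk '
        $1 == "0.0.0.0/1"   { lo = $2 "/" $4 }
        $1 == "128.0.0.0/1" { hi = $2 "/" $4 }
        END {
            if (lo == "" || hi == "") exit 1
            if (lo != hi) { print "split: " lo " and " hi; exit 0 }
            print lo
        }'
}

# Human-readable verdict; this is what you would eyeball in Diagnostics > Routes.
explain() {
    if owner=$(def1_owner "$1"); then
        echo "def1 halves owned by $owner: every host not matched by a"
        echo "policy-routing rule follows them, and another connection's"
        echo "'route add -net 0.0.0.0 <gw> 128.0.0.0' will exit 1."
    else
        echo "no def1 halves: traffic follows 'default' unless a firewall"
        echo "rule sets the VPN gateway (Don't pull routes is in effect)."
    fi
}

# `./routes.sh --live` reads the real table on a FreeBSD/pfSense box;
# without arguments it explains the two constructed samples.
if [ "${1:-}" = "--live" ]; then
    explain "$(netstat -rn -f inet)"
else
    explain "$SAMPLE_ROUTES"; echo; explain "$SAMPLE_ROUTES_NOPULL"
fi
```

Run it with `--live` on the router (via Diagnostics > Command Prompt or an SSH shell) to see which connection currently holds the def1 pair; the constructed samples show the two states the thread describes, the pulled-routes case where everything follows the tunnel and the "Don't pull routes" case where only policy-routed hosts do.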