OpenVPN Firewall Rule

Hi guys, I am just getting into pfSense and just set up OpenVPN on it. I have been trying to block all of my internal network IPs except for the one I specifically set to go through the VPN. Any help would be much appreciated.

I'm assuming this is a VPN client rather than a server?

Depending on how you've configured the client it may or may not override the default gateway. If it has (all traffic goes over the VPN) then you need to go to the client configuration and check the box for "Don't pull routes". Now the VPN won't override the default gateway and only traffic you specify will use it.

Next go to the firewall rules for your LAN (or whatever interface the device you want to use the VPN with is on) and make a pass rule from the IP of the device to any. Open the advanced settings, find the gateway option, and set this to your VPN. Make sure this rule is above any other pass rules and it should work.

Basically you can configure a gateway for any firewall rule so you can configure it in many ways, just keep in mind two things: 1) rules are processed from top to bottom on first match, and 2) if you want to have traffic between devices on local interfaces you need to use the default gateway in the rule.
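To make the two points above concrete, here is a small model of first-match rule evaluation. It is an added example, not code from the thread or from pfSense (which evaluates compiled pf rules); the addresses, rule names and gateway labels are constructed. It shows that a per-host VPN rule placed below the catch-all "allow LAN to any" rule is never reached, and that the host still needs a rule with the default gateway for traffic to other LAN devices.

```python
# Added example (not from the thread or from pfSense): a model of pfSense's
# top-to-bottom, first-match LAN rule evaluation. It shows why the policy
# routing rule for a single host must sit above the default "allow LAN to any"
# rule, and why LAN-to-LAN traffic from that host needs its own rule that uses
# the default gateway. All addresses, rule names and gateway labels are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # source host or network in CIDR notation
    dst: str       # destination host or network in CIDR notation
    gateway: str   # "default" = system routing table; otherwise a gateway label


LAN_NET = "192.168.1.0/24"      # constructed LAN
PI = "192.168.1.50"             # constructed: the host that should use the VPN
INTERNET_HOST = "203.0.113.10"  # constructed external destination (TEST-NET-3)
LAN_PEER = "192.168.1.10"       # constructed: another device on the LAN

DEFAULT_ALLOW = Rule("Default allow LAN to any", LAN_NET, "0.0.0.0/0", "default")
PI_VIA_VPN = Rule("Pi to any via VPN", PI + "/32", "0.0.0.0/0", "VPN_GW")
PI_LOCAL = Rule("Pi to LAN net, default gateway", PI + "/32", LAN_NET, "default")

# The order described in the thread: the catch-all pass rule comes first.
WRONG_ORDER = [DEFAULT_ALLOW, PI_VIA_VPN]
# The order the answer recommends: specific rules first, catch-all last.
RIGHT_ORDER = [PI_LOCAL, PI_VIA_VPN, DEFAULT_ALLOW]


def matches(rule, src, dst):
    """True when a packet from src to dst falls within the rule's networks."""
    return (ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst))


def evaluate(rules, src, dst):
    """First-match evaluation: (rule name, gateway) of the first matching
    pass rule, or (None, 'blocked') when nothing matches (implicit deny)."""
    for rule in rules:
        if matches(rule, src, dst):
            return rule.name, rule.gateway
    return None, "blocked"


def shadowed_rules(rules):
    """Names of rules that can never match because an earlier rule already
    covers every source and destination they would match."""
    shadowed = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))):
                shadowed.append(later.name)
                break
    return shadowed


if __name__ == "__main__":
    for label, rules in (("wrong order", WRONG_ORDER), ("right order", RIGHT_ORDER)):
        print(f"--- {label}: shadowed rules = {shadowed_rules(rules)}")
        for dst in (INTERNET_HOST, LAN_PEER):
            print(f"  {PI} -> {dst}: {evaluate(rules, PI, dst)}")
        print(f"  192.168.1.20 -> {INTERNET_HOST}: "
              f"{evaluate(rules, '192.168.1.20', INTERNET_HOST)}")
```

With the wrong order, `shadowed_rules` reports the VPN rule as unreachable and the Pi's internet traffic leaves via the default gateway (the WAN), which is exactly the symptom of seeing the non-VPN external IP. With the right order, the Pi reaches the internet via the VPN gateway, still reaches the LAN peer via the default gateway, and every other LAN host keeps using the default route.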

So I have checked the "Don't pull routes" box in the OpenVPN configuration. When I go to specify the firewall rule under the LAN rules, do I just specify the "Source IP Address" as the device I am trying to pass through and change the "Default Gateway" to the VPN gateway?

Pretty much.

Do I just need the one LAN rule? I think I am missing something. It doesn't seem to be working.

Can you screenshot the LAN rules?

You need to move the rule above the other PASS rules (drag it and click save down the bottom) because they will match the traffic first and that rule will never get processed. Other than that the rule looks fine.

Alright, I have been playing around with it for a bit but I can't seem to single out the IP address I want. I am not sure if this is a problem with pfSense 2.4 or possibly something with the services I am running (pfBlockerNG, Squid, and Suricata), maybe something with the NAT of a single device being different than the whole system. Would you have any ideas of how to troubleshoot?

Thank you for your time and patience.

Try specifying the WAN gateway for the other pass rules. And be certain that the rule for the single IP is above those rules.


Yep! Definitely tried that. Should I try rules on the VPN side?

No, you don't want any rules on the VPN side. Can you post your outbound NAT rules?


Here is the first half


And the second half

You're sure it's not working? Everything looks okay.

Would it be easier if I just switched the device I am trying to VPN to an open Ethernet port on my router and just made that port the VPN port?

It could be a problem with pfSense 2.4; I know it's still in beta.

It's the same method either way.

Are you sure you've got the right IP? Does the other traffic go over the WAN or the VPN?

Positive, I got the right IP. I set it statically and have been SSHing into it to check the external IP the device is getting. I have been seeing my non-VPN external IP, or it doesn't come back with an external IP at all and has no connection. The device I'm trying to VPN is a Raspberry Pi. Should I try wiping it and re-flashing the SD card?

How are you testing the external IP?

I have been using this command: "wget http://ipecho.net/plain -O - -q ; echo"