PFSense & OpenVPN (PIA): VPN only for one device on network

This is my first time working with PFSense firewalls and more complex firewall/routing. I got it all set up a few months ago rather easily, and everything is working fine. I use PIA VPN, and typically just use the Windows client on my PC. I’ll switch it off when I’m gaming or streaming for better bandwidth/latency. During the summer I’ll have some roommates in the house, which is why I’ve never really favored running the VPN on the router itself (Netflix, Amazon, etc. getting blocked). My PC has two NICs, and I’ve set static IPs for each NIC. My idea was to use NIC 1 (local IP 192.168.1.3) as my ‘naked’ connection for the aforementioned gaming/streaming, and NIC 2 (local IP 192.168.1.8) to run through OpenVPN via PFSense. I got the OpenVPN/PIA tunnel running for all connections through the router just fine, but I’m trying to restrict it to only passing network traffic from the NIC 2 (192.168.1.8) connection when I have that NIC enabled. I’m guessing I can set up a firewall rule for OpenVPN for 192.168.1.8, but this is where I’m still pretty n00b at this end of networking. Any help would be greatly appreciated.

Assuming you just have the default allow any to any rule in place, what you want to do is make another rule above that one with protocol and destination set to any, but with the source set to the IP you want to use the VPN. Then, in the advanced settings for the rule, change the gateway from default to the VPN gateway. It’s the same general idea for anything more complicated than an allow to any rule: you just set the gateway in the pass rule.

Thanks, the verbiage of the settings gets me a bit confused sometimes. I understand the rules, but I get mixed up in my brain. I’ll try getting that set up, and if it’s still borked I’ll return with some screenshots. Appreciate it!

So for some reason the VPN is not selectable in the advanced settings for the gateway. All I have is the WAN connection. This is what the new firewall rule I’m trying to make as you posted looks like:

I’m on 2.7.0 firmware

Are you using OpenVPN or WireGuard?

OpenVPN. I installed WireGuard and started trying to sort that out with PIA, but it will need to be a weekend project to get that together.

Okay, if you go to the interface tab and assign a new interface to the OpenVPN connection, that should automatically make a new gateway.

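
An added example, not written by anyone in this thread: a small Python model of the top-to-bottom, first-match rule evaluation the replies rely on, showing why the per-host rule with the VPN gateway has to sit above the allow-any rule. The gateway names `WAN_DHCP` and `PIA_VPNV4` and the `PassRule`/`egress_gateway` helpers are assumptions made for illustration; the two IPs are the ones from the question.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

DEFAULT_GW = "WAN_DHCP"   # assumed name of the default (WAN) gateway
VPN_GW = "PIA_VPNV4"      # assumed name of the gateway created by assigning
                          # an interface to the OpenVPN client


@dataclass
class PassRule:
    source: str                    # single host or CIDR network
    gateway: Optional[str] = None  # None = "default", i.e. follow the routing table
    descr: str = ""


def egress_gateway(rules, src_ip):
    """Return (gateway, rule description) for the first rule matching src_ip.

    Models first-match evaluation of pass rules on the LAN tab. Traffic that
    matches no rule is not passed at all: (None, "default deny").
    """
    addr = ip_address(src_ip)
    for rule in rules:
        if addr in ip_network(rule.source, strict=False):
            return (rule.gateway or DEFAULT_GW, rule.descr)
    return (None, "default deny")


vpn_rule = PassRule("192.168.1.8/32", VPN_GW, "NIC 2 via VPN")
allow_any = PassRule("0.0.0.0/0", None, "default allow any")

CORRECT = [vpn_rule, allow_any]  # policy rule above the allow-any rule
WRONG = [allow_any, vpn_rule]    # policy rule below it: never reached

if __name__ == "__main__":
    for name, rules in (("correct order", CORRECT), ("wrong order", WRONG)):
        for ip in ("192.168.1.3", "192.168.1.8"):
            gw, why = egress_gateway(rules, ip)
            print(f"{name:14} {ip:12} -> {gw} ({why})")
```

With the rules in the wrong order, 192.168.1.8 still gets connectivity but leaves through the WAN gateway, so checking the exit IP from that NIC is the quickest way to confirm the rule order took effect.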