SodaStream 7 Posted ...
Hi, sorry to bother you guys, but I need some beginner help configuring my pfSense to route my selected Netflix-capable devices' traffic outside the AirVPN tunnel. Can someone take me step by step through the configuration?

zhang888 1066 Posted ...
/firewall_nat_out.php page, choose the source, NAT address should be your WAN gateway. You can choose either single IP addresses or entire CIDR notations, for a single IP use /32.

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

go558a83nk 362 Posted ...
> /firewall_nat_out.php page, choose the source, NAT address should be your WAN gateway. You can choose either single IP addresses or entire CIDR notations, for a single IP use /32.

Need to create a corresponding firewall rule in LAN section to allow outbound too, right?

zhang888 1066 Posted ...
Assuming his LAN client already allowed for outbound connections via VPN, then no. This is just an outbound NAT rule to use a specific gateway.

SodaStream 7 Posted ...
> /firewall_nat_out.php page, choose the source, NAT address should be your WAN gateway. You can choose either single IP addresses or entire CIDR notations, for a single IP use /32.

Is this correct?

go558a83nk 362 Posted ...
> > /firewall_nat_out.php page, choose the source, NAT address should be your WAN gateway. You can choose either single IP addresses or entire CIDR notations, for a single IP use /32.
>
> Is this correct?

Good idea to make an alias. Looks correct to me.

SodaStream 7 Posted ...
The traffic from my Netflix devices is still not being routed outside the VPN tunnel. Can someone help me out instead of responding with a vague halfway answer please?

En6q4xgVnJEK 3 Posted ...
> The traffic from my Netflix devices is still not being routed outside the VPN tunnel. Can someone help me out instead of responding with a vague halfway answer please?

I finally got this working for Netflix. Big caveat up front: I'm not a network expert, so there might be a better/safer way to accomplish this. Here's what I did...

1. Followed this guide to get everything running through the VPN first (https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/). I assume this is where you started as well. If not, my solution may not work for you.
2. Created an alias for all devices I want to bypass the VPN (vpn_bypass).
3. Added another NAT outbound rule at /firewall_nat_out.php (which is what it looks like you did above). This should be at the top of the list.
   * Do not NAT => not checked
   * Interface => WAN
   * Protocol => any
   * Source => Network, vpn_bypass/32
   * Destination => Any
   * Address => interface address
   * Port => [blank]
   * No XMLRPC Sync => not checked
   * Description => "LAN to WAN bypassing VPN"
4. Added a new NAT rule to forward DNS traffic from vpn_bypass to a public DNS (Google in my example). This will allow traffic bypassing the VPN to access a DNS directly. Without it, your device will have access to the WAN directly, but won't be able to resolve the URL netflix.com, which is what I think was causing you problems. You can add this at /firewall_nat.php
   * No RDR (NOT) => not checked
   * Interface => AIRVPN_LAN
   * Protocol => TCP/UDP
   show advanced
   * Source => single host or alias, vpn_bypass
   * Source port range => any to any
   * Destination => CHECK invert match, AIRVPN_LAN address
   * Destination port range => DNS to DNS
   * Redirect target IP => 8.8.8.8
   * Redirect target port => DNS
   * Description => "DNS for VPN bypass using Google"

   Make sure it also creates an associated filter rule. You may need to reorder the rules on this page as well. I put this near the top, so traffic wasn't directed through the VPN accidentally.
5. Add another firewall rule that allows the vpn_bypass group to create connections directly with the WAN. This is basically a clone of "AirVPN_LAN allow outbound" with a few tweaks. This should be put ABOVE the "AirVPN_LAN allow outbound" rule when we're done.
   * Action => pass
   * Interface => AIRVPN_LAN
   * Address family => IPv4
   * Protocol => TCP/UDP
   * Source => Single host, vpn_bypass
   * Source port range => 1024 to 65535
   * Destination => any
   * Destination port range => wan_service_ports to wan_service_ports
   * Description => AirVPN_LAN allow outbound for VPN bypass
   SHOW ADVANCED
   * Gateway => WAN

Hopefully this helps. Now, if I could get port forwarding to work correctly for Plex, life would be better.
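
Added example, not part of the thread and not pfSense's own code: a small Python model of top-down, first-match rule evaluation on the AIRVPN_LAN interface. It shows why the step 5 bypass rule has to sit above "AirVPN_LAN allow outbound", and that a bypass device's traffic to ports outside wan_service_ports still falls through to the VPN rule. The IP addresses, the contents of wan_service_ports, the "VPN" gateway name and the match-everything behaviour of the general rule are assumptions made for illustration.

```python
"""First-match model of the AIRVPN_LAN rules from step 5 (illustrative only)."""
from ipaddress import ip_address

# Constructed sample values (assumptions, not taken from the thread).
VPN_BYPASS = {ip_address("192.168.1.50")}   # members of the vpn_bypass alias
WAN_SERVICE_PORTS = {80, 443}               # assumed contents of wan_service_ports

def bypass_rule(src, sport, dport):
    # Step 5: source vpn_bypass, source ports 1024-65535,
    # destination ports limited to wan_service_ports, gateway WAN.
    return src in VPN_BYPASS and 1024 <= sport <= 65535 and dport in WAN_SERVICE_PORTS

def allow_outbound(src, sport, dport):
    # Simplified stand-in for "AirVPN_LAN allow outbound": assumed to match
    # all LAN traffic and send it out through the VPN gateway.
    return True

# (name, matcher, gateway); "VPN" is a placeholder gateway name.
GOOD_ORDER = [("bypass", bypass_rule, "WAN"), ("allow outbound", allow_outbound, "VPN")]
BAD_ORDER = list(reversed(GOOD_ORDER))

# Constructed probes: (source IP, source port, destination port).
PROBES = [
    ("192.168.1.50", 50000, 443),   # bypass device, listed port
    ("192.168.1.50", 50000, 8443),  # bypass device, port not in the alias
    ("192.168.1.60", 50000, 443),   # ordinary device
]

def route(rules, src, sport, dport):
    """Return (rule name, gateway) for the first matching rule, top to bottom."""
    src = ip_address(src)
    for name, match, gateway in rules:
        if match(src, sport, dport):
            return name, gateway
    return None, None  # nothing matched: default deny

def not_via_wan(rules, probes):
    """Probes from vpn_bypass members that would not leave through WAN."""
    return [p for p in probes
            if ip_address(p[0]) in VPN_BYPASS and route(rules, *p)[1] != "WAN"]

if __name__ == "__main__":
    for label, rules in (("bypass rule above", GOOD_ORDER), ("bypass rule below", BAD_ORDER)):
        print(label)
        for probe in PROBES:
            print("  ", probe, "->", route(rules, *probe))
        print("   not via WAN:", not_via_wan(rules, PROBES))
```
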