AtariSoul 0 Posted ...

Hello Folks

I have been using the EXCELLENT pfSense 2.3 setup for some time and it works very well: https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/

However, I am finding more and more devices won't work on VPN, like our smart TV using BBC iPlayer or Amazon Prime. I've just got an Amazon Echo and I can only get it working using a hot spot on my mobile!

In the past, I created a firewall alias containing all the devices that I want in the clear and put this at the top of my outbound rules. This has worked fine until the Echo came along. Apparently it won't work without IPv6 and a general DNS server.

Therefore, I would like to upgrade pfSense and add a completely clear net connection for these devices.

I'm using my Virgin media hub as a plain modem that connects to the NIC in my pfSense firewall PC, then the other NIC in the PC is connected to my ASUS router as the access point for my network.

VIRGIN Media Hub (set as Modem) --NIC--> pfSense Firewall PC --NIC--> ASUS router (access point) --> wired & wifi devices

I did consider adding a USB gigabit ethernet adaptor to the pfSense PC and having this as the clear net line and attaching this to another router as an access point for the TV and Echo etc. But after reading nguvu's EXCELLENT guide https://nguvu.org/pfsense/pfsense-baseline-setup/ I think it would be better achieved by VLANs and a managed switch.

How do I connect this managed switch with my setup? Does it go between the PC and router access point? Will this work with nguvu's guide?

I'm far from being a network expert and therefore would be most grateful for help in achieving this.
Air4141841 25 Posted ...

You don't need a managed switch if you don't want.

Create a static address for the devices you want outside the tunnel: status > DHCP leases, then click the plus sign.

firewall > rules > lan: create a listing for that device here, but change the GATEWAY address to WAN, then apply, and that device will be outside the tunnel.

If it needs a static DNS address, go to services > dhcp server, find/add your device and under DNS servers add the DNS server you need.

I have been using this for months with no issues.
AtariSoul 0 Posted ...

> You don't need a managed switch if you don't want.
>
> Create a static address for the devices you want outside the tunnel: status > DHCP leases, then click the plus sign.
>
> firewall > rules > lan: create a listing for that device here, but change the GATEWAY address to WAN, then apply, and that device will be outside the tunnel.
>
> If it needs a static DNS address, go to services > dhcp server, find/add your device and under DNS servers add the DNS server you need.
>
> I have been using this for months with no issues.

Thanks for your reply Air4141841.

I have tried what you suggest but it makes no difference. I already use static IP for my regular devices anyway so that saved some time.

First I created an alias based on the devices I wanted to be on clear net. Then I did Firewall / Rules / AIRVPN_LAN / Add to top.

I started to create a rule with my alias as the source, but couldn't find gateway, only interface, which is "AIRVPN_LAN". So I changed interface to "WAN_DHCP" in case that's what you meant, but that made no difference to the connection.

Sorry for being such a noob, I would be so grateful if you could help me further.

Cheers
Air4141841 25 Posted ...

I can provide screen shots at another time.

firewall > rules > lan tab > click the edit/eraser icon > scroll all the way down to gateway, and change it to WAN there. APPLY. Reboot box if need be.
AtariSoul 0 Posted ...

Sorry mate, I found the gateway in the advanced settings.

Now this rule is set up, devices in my alias hung. So I have set up an outbound rule for the alias on the WAN to NAT to WAN and it works. Is this the right thing to do?

Also, how do I set a DNS like 8.8.8.8 for this clear net alias? I can see under DHCP you can do it for each static entry, but for an alias I can't find it.

Thanks for your patience, I really appreciate your help.
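
The behaviour described in the last post (the gateway rule alone left the alias devices hanging, and an outbound NAT rule on WAN fixed it) can be modelled as below. This is an added example, not part of the thread and not pfSense's own code. It assumes outbound NAT is in manual mode with a rule only for the VPN interface; the addresses and the `VPN` label are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values: addresses and the "VPN" label are assumptions for this model.
LAN_NET = ip_network("192.168.1.0/24")
CLEARNET_ALIAS = {ip_address("192.168.1.50"), ip_address("192.168.1.51")}  # e.g. TV, Echo

# LAN firewall rules: evaluated top-down, first match wins; "gateway" picks the egress.
LAN_RULES = [
    {"name": "clear-net alias", "src": CLEARNET_ALIAS, "gateway": "WAN"},
    {"name": "default LAN to VPN", "src": LAN_NET, "gateway": "VPN"},
]

# Manual outbound NAT (assumed): initially only the VPN interface translates LAN sources.
NAT_VPN_ONLY = [{"iface": "VPN", "src": LAN_NET}]
# The extra rule from the last post: NAT the alias on WAN as well.
NAT_WITH_WAN = NAT_VPN_ONLY + [{"iface": "WAN", "src": CLEARNET_ALIAS}]


def egress_for(src, rules):
    """Return the gateway of the first rule whose source matches, or None (no pass rule)."""
    for rule in rules:
        if src in rule["src"]:  # works for both a set of hosts and an ip_network
            return rule["gateway"]
    return None


def trace(src, rules, nat_rules):
    """Return (egress, translated) for a LAN host; translated=False means the packet
    leaves with its private source address, so replies never come back."""
    src = ip_address(src)
    egress = egress_for(src, rules)
    if egress is None:
        return (None, False)
    translated = any(n["iface"] == egress and src in n["src"] for n in nat_rules)
    return (egress, translated)


if __name__ == "__main__":
    for label, nat in (("VPN-only NAT", NAT_VPN_ONLY), ("NAT on WAN added", NAT_WITH_WAN)):
        for host in ("192.168.1.50", "192.168.1.20"):
            print(f"{label:17} {host}: {trace(host, LAN_RULES, nat)}")
    # Alias rule placed below the catch-all: the alias devices stay in the tunnel.
    print("wrong order      :", trace("192.168.1.50", LAN_RULES[::-1], NAT_WITH_WAN))
```

The last line of output also shows why the alias rule has to sit above the catch-all LAN rule: with the order reversed, the alias devices match the VPN rule first and never reach the WAN gateway.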