pfsense

[Suki Dhanjal]

Good afternoon all,

I am trying to get back to some of my projects after a break.

I am having some trouble with pfsense.

I am using nordvpn, but am having trouble with creating rules that will allow a range of ipaddresses to bypass the vpn.

Does anyone have any experience of this?

Many thanks

Suki

[Mr.G]

Hi

I don't use pfsense but I'm sure it's similar

I have two gateways - VPN protected and direct to internet

Source                         Destination                        Action

Bypass addresses      Direct proxy                  Allow, log, IPS

Internal addresses      VPN proxy                    Allow,IPS

Kind regards
Gerald

--
You received this message because you are subscribed to the Google Groups "rLab / Reading's Hackspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to reading-hacksp...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/reading-hackspace/437b0c02-bed3-4253-994f-a92595cdbedfn%40googlegroups.com.

[drs...@gmail.com]

To be honest, I have never got it work properly despite several attempts.

As far I as I can see I have set up the roles correctly and in the right order, but something is not right. All the traffic is going via the vpn.

 

Kind Regards

Suki

(0791 560 3651)

--
You received this message because you are subscribed to a topic in the Google Groups "rLab / Reading's Hackspace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/reading-hackspace/IJkgvnFy44c/unsubscribe.
To unsubscribe from this group and all its topics, send an email to reading-hacksp...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/reading-hackspace/CAHr2rBxBcBOVi2qOAukJcq9Oo22ba-vMXgBFuETC0V8XTE-tKw%40mail.gmail.com.

[Mr.G]

That sounds like a routing problem

Admittedly I haven't done this for a while (I retired), but I always found GNS3 helpful to debug firewall / network problems

https://www.gns3.com/marketplace/appliances

https://www.gns3.com/marketplace/appliances/pfsense

I think these are still free.

You could always have a look at  the firebrick demo

https://demo.firebrick.co.uk/

Kind regards
Mr.G
Gerald

To view this discussion on the web, visit https://groups.google.com/d/msgid/reading-hackspace/04da01d87e55%249a691ed0%24cf3b5c70%24%40gmail.com.

[Suki]

Hi

Thank you for the info. I did a search but it seems quite old.  They are only discussing pre 2.4

Kind Regards

Suki

On 12 Jun 2022, at 15:34, Mr.G <gtom...@gmail.com> wrote:



To view this discussion on the web, visit https://groups.google.com/d/msgid/reading-hackspace/CAHr2rByt1hfXTmADFErmrLi-ADqcU29dUdEVTw4n6Py%3DuyQNVA%40mail.gmail.com.

[Mr.G]

I'm probably making my point badly.  Routing, NAT, ACL are as old as the hills. The interface might change but the basics - does the packet actually reach the interface, question and answer are the same. TCPdump or Wireshark will probably reveal the answer fairly quickly.

Kind regards
Mr.G
Gerald

To view this discussion on the web, visit https://groups.google.com/d/msgid/reading-hackspace/65D34152-FE94-4D4F-8A9B-118621536959%40gmail.com.

[drs...@gmail.com]

Hi Gerald,

Thank you for continuing to respond. It really has had me stumped as I have not been able to interrogate where the packets are going.

I think I found out what this issue was.
In the 'General DNS Resolver Options' , Outgoing Network Interfaces
was set to nordVPN (as per the instructions provided by NordVPN). However, if you set this to WAN, it appears to work.
To be honest I am not sure what the 'real' exposure is as I am not a network specialist.

 

Kind Regards

Suki

To view this discussion on the web, visit https://groups.google.com/d/msgid/reading-hackspace/CAHr2rBxHW0SrdRtp9x1JJ57V8pMpJwGbCXZKaCRnqa82RwvnTg%40mail.gmail.com.