pfsense


Suki Dhanjal

Jun 12, 2022, 7:08:45 AM
to rLab / Reading's Hackspace
Good afternoon all,
I am trying to get back to some of my projects after a break.
I am having some trouble with pfsense.
I am using nordvpn, but am having trouble with creating rules that will allow a range of IP addresses to bypass the vpn.
Does anyone have any experience of this?
Many thanks
Suki

Mr.G

Jun 12, 2022, 7:52:50 AM
to rLab / Reading's Hackspace
Hi
I don't use pfsense but I'm sure it's similar
I have two gateways - VPN protected and direct to internet

Source               Destination     Action
Bypass addresses     Direct proxy    Allow, log, IPS
Internal addresses   VPN proxy       Allow, IPS


Kind regards
Gerald


--
You received this message because you are subscribed to the Google Groups "rLab / Reading's Hackspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to reading-hacksp...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/reading-hackspace/437b0c02-bed3-4253-994f-a92595cdbedfn%40googlegroups.com.

drs...@gmail.com

Jun 12, 2022, 8:11:56 AM
to reading-...@googlegroups.com

To be honest, I have never got it to work properly despite several attempts.

As far as I can see I have set up the roles correctly and in the right order, but something is not right. All the traffic is going via the vpn.

Kind Regards

Suki

(0791 560 3651)


Mr.G

Jun 12, 2022, 10:34:26 AM
to rLab / Reading's Hackspace
That sounds like a routing problem
Admittedly I haven't done this for a while (I retired), but I always found GNS3 helpful to debug firewall / network problems


I think these are still free.

You could always have a look at the firebrick demo

Kind regards
Mr.G
Gerald


Suki

Jun 12, 2022, 12:19:22 PM
to reading-...@googlegroups.com
Hi
Thank you for the info. I did a search but it seems quite old. They are only discussing pre 2.4

Kind Regards
Suki


Mr.G

Jun 12, 2022, 1:37:20 PM
to rLab / Reading's Hackspace
I'm probably making my point badly.  Routing, NAT, ACL are as old as the hills. The interface might change but the basics - does the packet actually reach the interface, question and answer are the same. TCPdump or Wireshark will probably reveal the answer fairly quickly.

Kind regards
Mr.G
Gerald


drs...@gmail.com

Jun 13, 2022, 3:43:59 AM
to reading-...@googlegroups.com

Hi Gerald,

Thank you for continuing to respond. It really has had me stumped as I have not been able to interrogate where the packets are going.

I think I found out what this issue was.
In the 'General DNS Resolver Options', Outgoing Network Interfaces was set to nordVPN (as per the instructions provided by NordVPN). However, if you set this to WAN, it appears to work.
To be honest I am not sure what the 'real' exposure is as I am not a network specialist.

Kind Regards

Suki
