Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - DaveB

Pages: [1]
While I appreciate the detail of the original PIA VPN tutorial and all of the subsequent contributions, I've not been able to combine all of that into a working VPN + Bypass configuration. PIA VPN works; it's the 'bypass' exception that does not.

I've successfully configured PIA VPN and confirms a PIA IP address but something is preventing any Firewall exception Rule I create (to 'bypass' VPN) from having those IP routed around VPN -- such rules appear to be just ignored. I've read, searched and tried every config modification I can find; no luck. All IPs for devices are static IPs on the same 192.168.1.X network but they all just use the tunnel.

Any idea of what to observe or what config to check or change would be appreciated. Thanks!

Run the entire local 192.168.1.X net through the PIA VPN -- except a few specific static IP devices.

ISP - (108.x.x.x) - ISP ADSLmodem - (108.x.x.x) - SG-2440 - (172.28.x.x) - Router/SW - 192.1681.X local net
SG-2440 is at 2.3.2.p1, no added packages

DSLGW(default) / WAN / 108.x.x.x / 108.x.x.x / ADSL Gateway
PIAVPN_VPNV4 / WAN / / / Interface PIAVPN_VPNV4 (the 10.x.x.x appears dynamic)
PIAVPN_VPNV6 / WAN / <blank> / <blank> / Interface PIAVPN_VPNV4

Existing defaults: WAN, LAN
Deleted: OPT2 (unused)
Renamed OPT1:  Enable[X] / Name: PIAVPN / Network port: ovpnc1(PIA openVPN)

Existing: (6) WAN Mappings
Copied: (6) and rename Interface: PIAVPN

Roku /
VPNPath / range

Rules: WAN: (only existing block private and bogon)
Rules: PIAVPN: (no rules)
Rules: OpenVPN: (no rules)

Rules: LAN:
Added: Roku / any port,dest / DSLGW gateway
Added: VPNPath / any port,dest / PIAVPN gateway


Just been struggling with a similar problem and concluded that it was my settings under Firewall/NAT/Outbound - Manual Outbound that were wrong. I had overwritten the existing rules with my VPN rules rather than duplicating and then modifying.

Copy of Rules that sorted it for me is shown below.
Hope you can get it sorted.

OpenVPN / Re: Turning off VPN loses internet
« on: August 29, 2017, 06:47:43 am »

Screenshot attached.

When the second rule is enabled there is no internet access from the IP specified in Alias Blockpc.
When the rule is disabled internet access is available.

OpenVPN / Turning off VPN loses internet
« on: August 27, 2017, 09:24:57 am »

I am trying to set up some routing rules to send some traffic direct to the WAN - bypassing my VPN.
So I tried a rule which directed traffic from a specific pc direct to the WAN.
The outcome was that the pc could not get to the internet - though another pc connected to the firewall still could.

So I tried disabling the VPN client.
Result was that nothing could connect to internet.

It did work before OpenVPN was installed so I guess I have screwed something in the installation.

Any ideas please?

In case it is not obvious - I am a total noob at this.

OpenVPN / To VPN or not to VPN?
« on: August 25, 2017, 03:46:05 am »

My current setup is a PC running Win 7 with all traffic going via a pfsense firewall running client openvpn using PureVPN service provider.

The specific issue that prompted this plea for help is that when I tried to connect to BBC iplayer they detected that I was using a VPN so refused to play ball. Now I am actually UK based so there would be no problem if I wasn't going via a VPN.

So my query is - Is there a way in which I can specify, when I launch an application, whether it uses the VPN.
I could add a second network card and either connect to a different subnetwork that is not connected to pfsense, or set some firewall rules that bypassed the vpn (I say that but would have no idea how to actually do that !!).
The problem would then be how I would specify which network card the application used. Ideally what I would like to be able to do is say launch one copy of Internet Explorer and route it via the VPN and then launch a second copy to use NOT via VPN.

I think I read that you can bind specific applications to a specific NIC. This may give me a partial solution but is not quite what I am after.

As an alternative is it possible to conceal the fact that I am using a VPN. I guess that in this instance the BBC recognise the IP address as belonging to my VPN service provider.

Thanks for any thoughts

ps If you can help please take into account that I am a total newbie

pfBlockerNG / Re: pfBlocker with openvpn
« on: August 24, 2017, 03:57:47 pm »
By George I do believe I have got it !!!

I believe I have finally got the DNS settings right for my pc.
The long version for anyone else struggling as I did is:-

Control Panel / Network and Sharing / Change adapter settings / Local Area Connection / Properties /Internet Protocol Ver4

Click Use the following IP address

IP address is that of your PC
Subnet Mask
Default Gateway is IP for pfsense

Click Use the following DNS Server Addresses
Preferred DNS Server

I am highly highly grateful for the assistance received.

One final silly question.
While following a guide for setting up pfblocker I have created an alias pfB_DNSBLIP.
I have no idea what it is but it has the black down arrow indicating there are no rules for the alias.
Can anyone shed any light on this?

Anyway thanks again

pfBlockerNG / Re: pfBlocker with openvpn
« on: August 23, 2017, 07:35:53 am »

This is what I have tried so far:-
(1) Removed the DNS Server settings that I had under Server/DHCP Server/LAN/Servers
      The Servers I wish to use were already entered under System/General Setup/DNS Server Settings

(2) Removed the DNS servers I was using on my Win7 PC and changed setting to obtain address automatically

(3) Followed the instructions at "Here are some basic instructions to get started with DNSBL."
     This added another Alias - DNSBL_Ads to the pfBlocker widget
    Ensured Enable DNSBL was checked and that DNSBL Firewall Rule was checked with LAN and Open VPN

(4) Went to - adverts not blocked - no entries appeared under Firewall/pfBlockerNG/Alerts
     No update to packages count in pfblocker widget.

So - no luck so far.

pfBlockerNG / Re: pfBlocker with openvpn
« on: August 22, 2017, 04:07:35 am »

All I am trying to do is to block adverts (not geo-locations).
To this end I have (attempted to) load EasyList w/o Elements and EasyPrivacy.
I can see an alias (if this is the right term) for each of these in the pfblocker widget with a green up arrow (rules defined??).

A problem I have here is that I have no idea what I should be able to see (or not see) both in terms firewall rules or other settings, reports of ads being blocked, and reduction in adverts being displayed.

Is it possible that it is working all along, but is unable to block the ads on the sites I go to - maybe different block list required.
I notice that one of the aliases has an entry of 60 under the heading of packets - is that the number of packets it has blocked?
If so is that number reasonable? I would have expected something much larger.

Anyway thank you for your assistance - and your sig is most apt.
Unfortunately my experience is zero.

pfBlockerNG / Re: pfBlocker with openvpn
« on: August 16, 2017, 11:25:47 am »

I have checked the the OpenVPN Interface box since OpenVPN did not appear in the 2 boxes immediately above
(Inbound/Outbound Firewall Rules)

pfBlockerNG / pfBlocker with openvpn
« on: August 15, 2017, 11:49:04 am »

Having previously setup client openvpn I am attempting to run pfblocker 2.1.1_8 on pfsense 2.3.4.

However nothing appears to be being blocked.
In the Pfblocker widget packets remain at zero.

In Firewall/ pfBlockerNG/ General  - Interface Rules - Inbound and Outbound Firewall Rules , I was expecting to be able to select OpenVPN but it does not appear as an option.

If I look at Firewall/Rules/OpenVPN then there are no rules defined for this interface.

Help please as I am very much a novice at this and guess I have missed something in the setup.


Feedback / Newbies Section
« on: August 15, 2017, 11:30:07 am »

I would like to suggest a section of this board for "the less experienced" user to seek advice.

What do you think?

Installation and Upgrades / Re: Cannot Launch Setup Wizard
« on: August 06, 2017, 02:29:33 pm »
Thank you very much Sir !!!

I now have access to the Gui and an internet connection.

Onwards and upwards to the next hurdle.

Installation and Upgrades / Cannot Launch Setup Wizard
« on: August 06, 2017, 01:16:55 pm »
Hi all

Please be gentle with me as I am a total noob and have almost zero networking knowledge.

I have installed pfsense 2.3.4 onto the harddisk of an old computer and can see
Wan assigned as fxp0 v4/DHCP4:    and
Lan assigned as r10 v4

I can see the Wan address displayed in the client list of my Asus DSL-AC68U (my fibre modem/router)

The instructions say I should now be able to connect using the Lan interface and launch the Wizard.

However nothing I try gives a connection - Internet explorer just gives "This page can't be displayed"

Help please.


Pages: [1]