Messages - gschmidt

OpenVPN / Re: DNS leaks using OpenVPN client tunnel
« on: March 21, 2018, 05:53:47 pm »
Also when I switch them I get a DNS leak (which shows the ip address of my ISP)

I have read your thread also...having the same kind of problem
Only I am routing not all my network traffic through the vpn tunnel, but only 2 devices.
Which works, however I have DNS leaks.

I can't figure out how to solve this.

Also tried the DNS Resolver, but if I set the outgoing network interfaces to only EXPRESSVPN, I have no internet at all hosts including the 2 running through the vpn tunnel.

OpenVPN / Re: DNS leaks using OpenVPN client tunnel
« on: March 21, 2018, 03:56:43 pm »
You mean like this?

OpenVPN / Re: DNS leaks using OpenVPN client tunnel
« on: March 21, 2018, 02:56:56 pm »
Go to status/ DNS resolver/ General settings.  Make sure your DNS resolver is functioning properly first. Then go to General system setup and input the 2 DNS media streamer provided with Expressvpn. on drop down use "ExressVPN_DHCP-Opt1".

What do you mean by "functioning properly"? I have default DNS resolver settings.
I have added both the ExpressVPN DNS servers and selected the "ExressVPN_DHCP" gateway, but still a DNS leak.
Should the ExpressVPN dns servers be the only DNS servers (I have also the google servers)?

OpenVPN / Re: DNS leaks using OpenVPN client tunnel
« on: March 21, 2018, 02:01:41 pm »
I also notice that in the "Gateways" status on the dashboard the VPN gateway shows Offline (with a virtual IP address 10.XXX.X.9)
But in the OpenVPN status on the dashboard the IP is 10.XXX.X.10 with a green arrow UP

Why is the Gateway status showing Offline and has a different virtual IP address?

OpenVPN / Re: DNS leaks using OpenVPN client tunnel
« on: March 21, 2018, 01:45:40 pm »
I'm a learning newbie, what do you mean with:

Set the client to use outside DNS servers either statically or with a DHCP static mapping and test again.

Where do I set this?

OpenVPN / DNS leaks using OpenVPN client tunnel
« on: March 20, 2018, 06:13:24 pm »

On my pfSense router (default WAN LAN installation, with Google DNS servers and the "DNS server list to be overridden by DHCP/PPP on WAN" option checked),
I set up an OpenVPN client (ExpressVPN).
Since I wanted to tunnel only 2 specific devices of my network (it has only one subnet),
I did the following steps:

1. Set up the OpenVPN client (followed the ExpressVPN tutorial)-->status is UP
2. Assigned an interface (OPT1, renamed it to EXPRESSVPN) to the connection and selected DHCP at the IPv4 Configuration Type box.
3. Add a gateway for the EXPRESSVPN interface in System-->Routing-->Gateways
4. Firewall-->NAT-->Outbound I set the NAT Mode from Automatic NAT to Manual Outbound NAT
5. Under mappings I copied the "Auto created rule - LAN to WAN" rule and changed the interface to EXPRESSVPN.
6. Under Firewall-->Aliases I created an Alias IP of the hosts I want to route through the vpn tunnel.
7. Under Firewall-->Rules-->LAN I created a rule:
   Source: Single source or Alias
   Destination: Any
   Advanced Options:
   Gateway: Interface EXPRESSVPN Gateway

8. Under Firewall-->Rules-->Floating I created a rule:
   Apply the action immediately on match...checked
   Interface: WAN
   Direction: Out.
   Source: Any
   Destination: Any
   Advanced Options:
   Tagged : NO_WAN_EGRESS
   Gateway: Default

With these settings the VPN is running:
Only the devices in the Firewall Alias run through the VPN tunnel, the other through the normal WAN.
When the Tunnel is down the Firewall Alias devices cannot connect to the internet (which is the behavior I wanted)

Yessss I thought....However when I performed a DNS leaktest at
It appears that 1 DNS Server is leaking...Showing my ISP WAN ip address...:-(

Anybody have an idea what I did wrong or missed here?

OpenVPN / Re: How to route single client through openvpn tunnel
« on: March 16, 2018, 12:04:05 pm »
According to this video
You can use firewall rules to exclude the hosts that you don't want to go through the vpn tunnel.
So if you set static IPs for the hosts that use the vpn tunnel and make a firewall alias for the dhcp range and use this alias in a firewall rule which will pass the vpn tunnel and to go through the wan
Wouldn't that work?

OpenVPN / How to route single client through openvpn tunnel
« on: March 15, 2018, 03:19:59 pm »

On my pfSense router I have set up an OpenVPN client (ExpressVPN).
I followed the "How to set up pfSense with ExpressVPN (OpenVPN)" on their site.
The OpenVPN client is now UP in pfSense!
However the next step they describe is routing the WAN traffic of all clients of the network (I have only one subnet, /24) through the vpn tunnel.
I asked them if it also is possible to route only one client of my network through the vpn tunnel.
The answer was: "not possible", but I get the feeling this should be possible...
I stopped the setup at the point that I had to assign an interface to the OpenVPN client.

Is this possible? And if so, what would be the next steps in pfSense?

General Questions / Re: (Small) Home Network Setup advice
« on: March 12, 2018, 01:41:09 pm »
Well, for a start I now have an AES-NI mini-pc with pfsense running as main router. :)

General Questions / Re: (Small) Home Network Setup advice
« on: March 11, 2018, 08:15:42 am »
You want something easier to use for vpn?  As to cheaper?  Pfsense is FREE can run it on your existing PC as a VM if you wanted to to provide your whole network vpn access.

I have read that future release pfSense 2.5 will need a device with an AES-NI processor.
My only wired PC is not capable of AES-NI. Will a VM work with the new release then?

My (relocated) network is up and running according to your advice with switch.
Next step is to configure the OpenVPN client and the rules for the vpn tunnel.

General Questions / Re: (Small) Home Network Setup advice
« on: March 08, 2018, 01:54:37 pm »
Ok Ok Ok Ok Ok Ok guys....I get it!  :-[

It's a TP-LINK TL-SG1005D....and indeed probably low powered.
I'll take your see under my name is a status mentioned....newbie

General Questions / Re: (Small) Home Network Setup advice
« on: March 07, 2018, 03:14:44 pm »
A colleague found it during his trip to China.
Re-install would be step 1 at arrival, I first want to stress test the device.

I do have a 5 port switch (which means also an extra power connection $$)

Thanx for the tips!

General Questions / (Small) Home Network Setup advice
« on: March 07, 2018, 02:39:48 pm »

I want to redecorate my (small) Home Network setup physically and keep it technically as simple as possible. Mainly for 2 reasons:
  • There are too many devices in my living room on the 1st floor (wife = >:( )
  • And I want to create an additional (open)VPN connection for (mainly) my RPi/Kodi device.
Because the RPi/Kodi device is not powerful enough to run an OpenVPN client which provides decent speeds, I bought a Mini PC with 4 ethernet/NIC ports and AES-NI (pfSense pre-installed). My idea was to turn this device into my main home router. But I found out that pfSense is much more than any router software. There are so many possibilities that you sometimes can not see the forest through the trees  ;).

Now the basic pre-installed pfSense on the device has a WAN LAN OPT1 OPT2 where only the WAN and LAN are assigned to interfaces. But I want to create a home network as shown in the attached diagram.

The orange LAN cables (running through the hallway closet) are the connection between the first and second floor. This means I physically need the ethernet ports to connect my AP's and NAS to the gateway ( Besides that also the tunnel of the openVPN client needs to be assigned to an interface.

Can somebody give me advice on how to set this up?


OpenVPN / Re: VPN client setup advise
« on: March 06, 2018, 04:46:05 pm »
Ok thanx for the help, I first will set up my pfSense box with 4 network ports so it acts like a 3 port router. After that I will try to set up the OpenVPN client and assign it to an interface.


OpenVPN / Re: VPN client setup advise
« on: March 05, 2018, 04:29:51 pm »
Sorry i'm not so familiar with virtual interfaces.
I bought a (still on its way) Qotom box with 4 ethernet ports and pfSense pre-installed: WAN,LAN,OPT1,OPT2
Now I want to bridge OPT1 and OPT2 and LAN because I need those ports physically in my home network.
Once I bridged the 3 ethernet ports, it is still possible to create a virtual interface for the VPN tunnel?

In this article it looks like OPT1 physically is assigned to a network port:
