
Topic: Why was all my traffic routed through VPN


Offline MondQ

Why was all my traffic routed through VPN
« on: November 04, 2017, 04:03:34 pm »
Hello Everybody,
Today I configured my pfSense box to be an OpenVPN client for ProtonVPN. After I had set everything up and created a rule that only the traffic of one computer be routed through the VPN interface, I noticed that traffic from all connected devices was being routed through VPN.
The Firewall rule set was as follows:

Protocol  Source       Port  Destination  Port  Gateway         Queue  Schedule  Description
IPv4*     192.168.3.6  *     *            *     ProtonVPN_DHCP  none             Desktop - Traffic to VPN
IPv4*     LAN net      *     *            *     *               none             Default allow LAN to any rule
IPv6      LAN net      *     *            *     *               none             Default LAN IPv6 to any rule


I then managed to rectify the problem by editing the default allow LAN to any rule and changing the gateway to GW_WAN:

Protocol  Source       Port  Destination  Port  Gateway         Queue  Schedule  Description
IPv4*     192.168.3.6  *     *            *     ProtonVPN_DHCP  none             Desktop - Traffic to VPN
IPv4*     LAN net      *     *            *     GW_WAN          none             Default allow LAN to any rule
IPv6      LAN net      *     *            *     *               none             Default LAN IPv6 to any rule

Would someone please be able to explain to me why that happened? Why was the traffic from all connected devices routed through VPN, and not just the traffic for the desktop PC (192.168.3.6)?

Online viragomann

Re: Why was all my traffic routed through VPN
« Reply #1 on: November 04, 2017, 04:16:47 pm »
Presumably the VPN server pushes the default route to you. To prevent that, go to the client settings and check "Don't pull routes".

Offline MondQ

Re: Why was all my traffic routed through VPN
« Reply #2 on: November 04, 2017, 04:48:49 pm »
Hi viragomann,
Thanks for your reply. I have ticked "Don't pull routes" in the VPN client settings now and set the default GW for the "Default allow LAN to any" rule to any (*) and now the traffic for my desktop computer is not being routed through the VPN anymore.
This is my current firewall ruleset:

Protocol  Source       Port  Destination  Port  Gateway         Queue  Schedule  Description
IPv4*     192.168.3.6  *     *            *     ProtonVPN_DHCP  none             Desktop - Traffic to VPN
IPv4*     LAN net      *     *            *     *               none             Default allow LAN to any rule
IPv6      LAN net      *     *            *     *               none             Default LAN IPv6 to any rule

Any idea why this might be happening? Are there now any static routes I need to add?

Online viragomann

Re: Why was all my traffic routed through VPN
« Reply #3 on: November 04, 2017, 05:09:12 pm »
Quote: "and now the traffic for my desktop computer is not being routed through the VPN anymore."
Your desktop computer is 192.168.3.6?
Since you have the VPN gateway set in the rule for its upstream traffic, it should go out to VPN, at least IPv4 traffic.

Consider that new rules don't affect existing connections. You'll have to reset states.

Offline MondQ

Re: Why was all my traffic routed through VPN
« Reply #4 on: November 04, 2017, 05:35:45 pm »
The desktop is indeed 192.168.3.6 and yes, I did reset the state table when I changed the rules. :)

I found what the problem was. I tried ticking the "Don't pull routes" box again. I then noticed that my ProtonVPN gateway in System > Routing (pfSense 2.4 btw) did not have a gateway and monitor IP, so I restarted the OpenVPN service, which fixed the issue as it was then given a gateway and monitor IP again.

This is the current rule set and it works perfectly:

Protocol  Source       Port  Destination  Port  Gateway         Queue  Schedule  Description
IPv4*     192.168.3.6  *     *            *     ProtonVPN_DHCP  none             Desktop - Traffic to VPN
IPv4*     LAN net      *     *            *     *               none             Default allow LAN to any rule
IPv6      LAN net      *     *            *     *               none             Default LAN IPv6 to any rule



Thanks for your input.
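
Added example (not part of the original thread and not pfSense code): a simplified model of the egress decision for the three rule sets posted above. A rule with a gateway set policy-routes the traffic, while a rule with gateway * falls back to the system routing table. Assumptions: the VPN server pushes OpenVPN's "redirect-gateway def1" (two /1 routes), the LAN is 192.168.3.0/24, and 192.168.3.20 and the destination addresses are constructed.

```python
import ipaddress

# Constructed routing tables (assumptions, not taken from the thread).
# With "Don't pull routes" ticked, only the WAN default route exists.
ROUTES_NO_PULL = {"0.0.0.0/0": "GW_WAN"}
# Assumed push of "redirect-gateway def1": two /1 routes that are more
# specific than 0.0.0.0/0 and therefore win longest-prefix matching.
ROUTES_PULLED = {**ROUTES_NO_PULL,
                 "0.0.0.0/1": "ProtonVPN_DHCP",
                 "128.0.0.0/1": "ProtonVPN_DHCP"}

LAN_NET = "192.168.3.0/24"  # assumed LAN subnet containing 192.168.3.6


def rules(lan_gateway):
    """LAN rule set from the thread; gateway None stands for '*'."""
    return [("192.168.3.6/32", "ProtonVPN_DHCP"),  # Desktop - Traffic to VPN
            (LAN_NET, lan_gateway)]                # Default allow LAN to any


def route_lookup(routes, dst):
    """Longest-prefix match in the system routing table."""
    dst = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(n) for n in routes]
    best = max((n for n in nets if dst in n), key=lambda n: n.prefixlen)
    return routes[str(best)]


def egress(ruleset, routes, src, dst):
    """First matching rule wins; a rule gateway overrides the routing table."""
    src = ipaddress.ip_address(src)
    for source_net, gateway in ruleset:
        if src in ipaddress.ip_network(source_net):
            return gateway if gateway else route_lookup(routes, dst)
    return None  # no rule matched: blocked by the default deny


if __name__ == "__main__":
    dst = "203.0.113.10"  # constructed destination
    cases = [("routes pulled, LAN gateway *", rules(None), ROUTES_PULLED),
             ("routes pulled, LAN gateway GW_WAN", rules("GW_WAN"), ROUTES_PULLED),
             ("routes not pulled, LAN gateway *", rules(None), ROUTES_NO_PULL)]
    for label, ruleset, routes in cases:
        for src in ("192.168.3.6", "192.168.3.20"):
            print(f"{label}: {src} -> {egress(ruleset, routes, src, dst)}")
```
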