Virtual private networks / VPN Gateway Subnet Routing
« on: February 21, 2023, 05:31:54 pm »
I have added Mullvad WireGuard VPN to my router as a gateway, following https://mullvad.net/en/help/pfsense-with-wireguard/ up until "Configure the outbound firewall". I have modified no firewall rules, but it seems as though, even with no routing modifications, once I added the gateway, all traffic is now going through the Mullvad VPN. While that is nice, it is not ideal, as certain sites do not let you on when using a VPN. I would like to make firewall rules where all `192.168.1.0/24` traffic goes through the WAN gateway and `192.168.2.0/24` (using a Virtual IP) goes through the Mullvad gateway; that way I can get the best of both worlds (this can be very helpful to run at the router level and route transparently, so I can use proxies/VPNs even on devices which may not have good support, or any). I have looked up so many different terms on the search engine, tried so many different fixes, read the documentation and tried to make my own rules (almost exclusively in Firewall->NAT->Outbound and Firewall->Rules), and I can't get it to work. I did come across a term which may assist in understanding: when I looked it up, the term used was "Policy based routing".
Firewall->NAT->Outbound:

| Interface | Source | Source Port | Destination | Destination Port | NAT Address | NAT Port | Static Port | Description |
|---|---|---|---|---|---|---|---|---|
| MullvadVPN | LAN networks, Loopback networks, 127.0.0.0/8, 10.0.0.0/24 | * | * | 500 | MullvadVPN | * | YES | Auto created rule for ISAKMP |
| MullvadVPN | LAN networks, Loopback networks, 127.0.0.0/8, 10.0.0.0/24 | * | * | * | MullvadVPN | * | NO | Auto created rule |
| WAN | LAN networks, Loopback networks, 127.0.0.0/8, 10.0.0.0/24 | * | * | 500 | WAN | * | YES | Auto created rule for ISAKMP |
| WAN | LAN networks, Loopback networks, 127.0.0.0/8, 10.0.0.0/24 | * | * | * | WAN | * | NO | Auto created rule |
I have tried manual rules only and hybrid, and tried to override the automatic rules and change it to have WAN take precedence, assuming Mullvad is the first rule (given the ordering of the rules) and uses that, but that seems to be wrong, as manual rules and hybrid override didn't appear to work. But it also appears manual rules don't have the same settings, or perhaps look; for example, NAT Address only allows WAN net or WAN address, not just WAN, and the automatic rules are able to select multiple sources (I was able to with an alias, but it still doesn't look the same as the automatic rules, though I'd suspect that could just be a compact way to show the automatic rules).
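An added illustration, not part of the original post, of the distinction the question turns on: on a pf-based firewall such as pfSense or OPNsense the exit path is chosen by the gateway set on the matching firewall (pass) rule, which is what "policy based routing" refers to, while the outbound NAT rules only rewrite the source address for whichever interface the packet leaves on and never pick the gateway. The Python model below is written for this thread, not taken from either firewall project; the interface names and addresses (igb0, wg0, 203.0.113.7, 10.64.0.2) are constructed placeholders, and the `fail_closed` flag is a hypothetical stand-in for the firewall's gateway-down handling option.

```python
"""Minimal model of policy-based routing on a pf-style firewall.

Two independent tables are modelled:
  * pass rules, evaluated first-match on the LAN side; a rule's optional
    gateway is what selects the exit path (policy-based routing).
  * outbound NAT, keyed by the exit interface; it only rewrites the source
    address and never chooses the gateway.
All names and addresses are constructed placeholders, not real config.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Gateway:
    name: str
    interface: str
    egress_ip: str       # address outbound NAT rewrites the source to
    up: bool = True      # gateway monitoring state


@dataclass(frozen=True)
class PassRule:
    source: ipaddress.IPv4Network
    gateway: Optional[Gateway]   # None = follow the system default route


# Constructed placeholder gateways (hypothetical interface names/addresses).
WAN = Gateway("WAN", "igb0", "203.0.113.7")
MULLVAD = Gateway("MullvadVPN", "wg0", "10.64.0.2")


def default_lan_rules() -> List[PassRule]:
    """The stock 'LAN to any' rule: no gateway, so the default route decides."""
    return [PassRule(ipaddress.ip_network("192.168.0.0/16"), None)]


def policy_rules(vpn_gateway: Gateway = MULLVAD) -> List[PassRule]:
    """Per-subnet rules: the Virtual-IP subnet is pinned to the tunnel and the
    primary LAN is pinned to WAN explicitly instead of trusting the default route."""
    return [
        PassRule(ipaddress.ip_network("192.168.2.0/24"), vpn_gateway),
        PassRule(ipaddress.ip_network("192.168.1.0/24"), WAN),
    ]


def route_packet(src_ip: str, rules: List[PassRule], default_gateway: Gateway,
                 fail_closed: bool = True) -> Tuple[str, Optional[str]]:
    """Return (gateway name, NAT source address) for the first matching pass
    rule, or ("BLOCKED", None) when no rule matches (pf's implicit deny).

    fail_closed models what happens when the rule's gateway is down: True drops
    the packet (no silent fallback off the VPN); False mimics a firewall that
    re-evaluates the rule without its gateway, i.e. via the default route.
    """
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if ip not in rule.source:
            continue
        gw = rule.gateway or default_gateway
        if not gw.up:
            if fail_closed:
                return ("BLOCKED", None)
            gw = default_gateway
        # Outbound NAT is selected by the exit interface, after the routing decision.
        return (gw.name, gw.egress_ip)
    return ("BLOCKED", None)


if __name__ == "__main__":
    # Symptom from the thread: default gateway switched to the tunnel, so the
    # stock LAN rule sends every subnet through Mullvad.
    print(route_packet("192.168.1.10", default_lan_rules(), MULLVAD))
    # With per-subnet policy rules each subnet exits where intended.
    for host in ("192.168.1.10", "192.168.2.10"):
        print(host, route_packet(host, policy_rules(), MULLVAD))
    # Tunnel down: fail-open would quietly move the VPN subnet onto WAN.
    down = Gateway("MullvadVPN", "wg0", "10.64.0.2", up=False)
    print(route_packet("192.168.2.10", policy_rules(down), WAN, fail_closed=False))
```

Run as a script, the first line reproduces the symptom in the post (a default route pointed at the tunnel carries every subnet), the next two show the per-subnet rules sending `192.168.1.0/24` out WAN and `192.168.2.0/24` out the tunnel, and the last shows the case worth checking on a real box: if the gateway-down handling is fail-open, the VPN subnet falls back to WAN without any rule change being visible.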