Hello, I'm a new member of this forum, but I have used it a lot before I became a member.
I have a router with pfSense but would like to change it in favor of OpenBSD pf.
My setup looks like this:
ISP **** ROUTER **** AP
I run one OpenVPN client on the router so that all machines on the WiFi AP go through the VPN.
Now comes the problem: I would want some of the clients' IP addresses to be routed through the WAN (without VPN). I have tried different routing alternatives, but I haven't found anything that works.
Everything else seems to work, even the "killswitch".
Here is my pf.conf; any suggestions on optimizations would also be appreciated.
Thanks in advance!!
Code:
ext_if = "em0"   # External interface (ISP)
int_if = "em1"   # Internal interface (LAN / AP)
vpn_if = "tun0"  # OpenVPN tunnel interface

# Addresses that must never be seen coming in from, or leaving to, the WAN
table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
    172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
    192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 203.0.113.0/24 }

set block-policy drop
set loginterface $ext_if
set skip on lo0

match in all scrub (no-df random-id max-mss 1440)
# NAT LAN traffic to the address of whichever interface it leaves on
match out on $ext_if inet from ($int_if:network) to any nat-to ($ext_if:0)
match out on $vpn_if inet from ($int_if:network) to any nat-to ($vpn_if:0)

block in quick on $ext_if from <martians> to any
block return out quick on $ext_if from any to <martians>
block all

# Tag every LAN connection so it can be kept off the clear-text WAN path
pass in on $int_if from $int_if:network to any tag NO_WAN_EGRESS keep state
# "Kill switch": tagged LAN traffic may only leave through the tunnel
block quick on $ext_if tagged NO_WAN_EGRESS
#block return out quick on $ext_if tagged NO_WAN_EGRESS
pass out quick inet
#pass in on $int_if inet
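One way to send selected LAN hosts around the tunnel while keeping the kill switch for everyone else, as an added example (not the poster's pf.conf): it assumes a LAN of 192.168.1.0/24, two constructed bypass hosts and a placeholder ISP gateway address. The `route-to ( interface gateway )` spelling is the older form; newer OpenBSD releases write it as `gateway@interface`, so check pf.conf(5) for the installed release.

```pf
# Added example: VPN bypass for selected LAN hosts (not the poster's config)
ext_if = "em0"
int_if = "em1"
vpn_if = "tun0"
wan_gw = "203.0.113.1"    # PLACEHOLDER: the ISP next hop reachable on $ext_if

# Constructed sample: hosts that should use the WAN directly instead of the VPN
table <vpn_bypass> { 192.168.1.10 192.168.1.20 }

match in all scrub (no-df random-id max-mss 1440)
# NAT LAN traffic to the address of whichever interface it actually leaves on;
# bypass hosts therefore get the WAN address, everyone else the tunnel address
match out on $ext_if inet from ($int_if:network) to any nat-to ($ext_if:0)
match out on $vpn_if inet from ($int_if:network) to any nat-to ($vpn_if:0)

block all

# Bypass hosts: policy-route straight to the ISP gateway on $ext_if instead of
# following the default route. "quick" stops evaluation here, so these hosts
# never receive the NO_WAN_EGRESS tag and are not hit by the kill switch.
pass in quick on $int_if inet from <vpn_bypass> to any \
    route-to ($ext_if $wan_gw) tag WAN_OK keep state

# Everyone else on the LAN is tagged and follows the default route (the tunnel)
pass in on $int_if inet from ($int_if:network) to any tag NO_WAN_EGRESS keep state

# Kill switch: tagged traffic is dropped if it ever reaches $ext_if, e.g. when
# tun0 goes down and the default route falls back to the ISP
block quick on $ext_if tagged NO_WAN_EGRESS

pass out quick inet
```

Syntax-check with `pfctl -nf /etc/pf.conf` before loading; afterwards `pfctl -ss` should show the bypass hosts' outbound states on em0 translated to the WAN address and everyone else's on tun0.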