Sign in to follow this  
Followers 0

OpenVPN Step-by-Step Setup for pfsense firewall router

1 post in this topic

Hey, You can set up Pfsense to use certain static IP addresses to connect to different VPN or WAN addresses. I have a openVPN set up locally and one for USA to watch netflix, I have each set up to be used on 10 IP slots, so to change VPN to USA I just change the static IP on the host PC and same with the WAN I can turn VPN off by switching static IP on PC.

Create a Alias:
To do this first head over to firewall / Aliases. Under IP click the add new alias

Then fill in the info like so 

Name: Name it what ever for example "PIASydneyIP" (can named anything)
Description: Not needed. 
Type: Host(s)
Host(s): Click add entry and enter a IP you want to use for the static IP to use for VPN. Click add again to add another. Mine I added 10 IP addresses but you can add only one or how ever many you like. So mine is -


Then if you want to have several OpenVPN connections IE another to USA like I have repeat the original post to add a new OpenVPN on a different connection. Then repeat the above to set a new range of IP addresses I have - For the USA VPN. 

Create Pass threw Rule:

Now you need to make a rule so that the aliases you set above over rule the WAN rule. So go into Firewall / Rules / LAN.

Click Add New Rule. and change these.

Protocol: ANY
Source: Type in your alias name I made it "PIASydneyIP'
Description: Give it a name like "Sydney VPN Passthrew" 
In advance features change this.
Gateway: Your OpenVPN gateway you want to use 


Now save the rule. Repeat this if you want to set another VPN connection location for different IP addresses. 

Set Up WAN Addresses:

Now you need to set a rule for WAN you could set it to connect to certain IP like the above rules, But I have it using all the rest of the available IP addresses left to do that this is how. 

In Firewall / Rules / LAN

add new rule. 

change this settings. 

Protocol: any
Source: LAN Net (from drop down box) 
Description: WAN Passthrew
Gateway: WAN (from drop down box)

Click save. 


Change the order:

Now back in Firewall / Rules you will need to put rearrange the order of the rules. It should but like this (the order of the OpenVPN rules do not matter as long as they are above WAN)

WAN Passthrew 
Any rules left over


As the rules at the top over ride the rules underneath you want the VPN on top then any IP addresses the VPN rules are not using the WAN will use. On your desktop set the static IP like normal but change IP to the connection you want to access. 

Say I want just VPN I put 192.168.131 and it will be on local VPN
Say I want to watch netflix from USA on my TV I change it to
Say I want to use ISP IP on my tablet to play games I set it to

Now you can have as many devices you want connected to any of the networks all at the same time and changing VPN connection on the fly on any device is easy just change your static IP. 

Another advantage of this if the VPN drops out it will not revert back to your WAN connection as its on a separate IP your internet will just fail to load pages so you will know when the VPN drops out. 

Set up website based fall back to WAN from VPN connection:

You can also set a rule to exclude websites to use the VPN so it will bypass the VPN even when your connected to it. I do this with cloudflare as I have been banned from sites using cloudflare while I was on VPN. So I have put a rule in so I dont have to change to WAN when I access them. 

Here is how to setup for cloudflare but you can add alias like above for several sites if you like but you need to use the sites IP not address. 

First off go to Aliases / URLs as cloudflare have a text file to add as there is to many addresses to add manually. 

click add new aliases. 

Name: CloudFlareIP
Description: can be blank
Type: URL Table (IPs)
URL Table (IPs):
put in the amount of days you want it to update, I am not sure if they do update it or not but I put 30.


You can make your own rule for single sites the same as you made the aliases for the openVPN 

Go to firewall / Rules / LAN

Add New Rule. 

Change these

Protocols: any 
Source: LAN 
Destination: CloudFlareIP (or any other alias you set) 
Description: ClourFlareBypass
Gateway: WAN 


Now save and back on the LAN page make sure this rule is at the very top above the VPN rules 

To check whether the CloudFlare bypass works go to as it uses CloudFlare. It should show your ISP address then go to and it should show your VPN IP. 

Change static IP and  check IP again to make sure its all working. 

Of course if you want only 1 VPN to not use the VPN for CloudFlare sites then change the order. So say we want CloudFlare to bypass LocalVPN but the USAVPN to be a closed VPN with no bypass your order will need to be like this. 



hope that makes sense I am not real good at explaining things lol

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0