Protonvpn reddit
1/9/2023

Useful if you need to copy a rule and then change its interface. When you create the rule this will pre-populate. Pass will allow the traffic out, Block will prevent. You're essentially allowing traffic out of the network, and forcing it to use a specific gateway, preventing miscommunication. This rule needs to be on the LAN interface (or others if you're routing other traffic). This also needs to be done to move the traffic properly.

You can also allow individual IP addresses out based on the port or IP they need to go to, if certain items need to go out in different methods (game systems). That network also has a FW rule preventing comms to my protected network. For example, I have a "Utility" network which does not use the tunnel, that needs straight access to the internet. 3 and 4 are where you can get selective on what traffic uses the tunnel and what doesn't.

Those are the important things on the NAT page.

If this is set to something else it will send out traffic with your internal IP, confuse the hell out of a bunch of people, and probably not get you to the internet anyways (depending on the ISP). This will ensure that your internal traffic, when leaving, shows as the VPN tunnel IP.

(4) Destination set to any to cover all traffic going out.

You can use different subnets if you want to split traffic (192.168.1.128/25, for example, will cover the top of the Class C). Set this to the IP address range you want to go through the tunnel.

If you want you can limit to TCP, but you're gonna have leaks. (2) Set protocol to "any" as you want all traffic to go through the tunnel.

Instead you're setting this to PROTONVPN so your traffic goes through the VPN tunnel, which itself is already going through the WAN interface. Normally this is set to WAN so your outbound traffic "leaves" the router through the WAN. It is where the traffic will pass through.
So let's start with the NAT rule, cause you're not going anywhere without it.

First you want to enable Manual Outbound NAT (or Hybrid will work too, you just want to be able to create your own rules).

I've done a lot of troubleshooting with this config so if you have a problem, I probably did at one point as well.

For the question by u/rotorbudd, I don't know what your level is so I'm sorry if this is done at a basic level, just making it so anyone can understand.

I did try to accept some traffic through, but it wasn't forwarding properly. A new firewall interface becomes available for incoming connections from the tunnel, but leave it empty so it blocks all.

This is why I didn't use it before.

Create NAT rules to forward the traffic from your LAN subnet to the ProtonVPN Interface

Create Firewall Rule to send traffic to the ProtonVPN Gateway

From there you should be all set.

*NOTE* IF YOU SET THE UPSTREAM GATEWAY IT WILL HAVE DNS LEAK, OR SHOW UP ON A DNS TEST FROM THE TUNNEL.

Set upstream gateway to the one you just created

Interface set to the one you created above

At the bottom select "Use non-local Gateway"

Put the Endpoint Address in from the config that you got above

Create an interface, and assign it to the tunnel you just created

Tunnel should be the one you just created.

Input your private key that was generated from the website above, it will generate a public key automatically

Install the WireGuard Package from Package Manager

You just need to cherry pick the information you need (private key, endpoint address/port, endpoint public key) and input them where needed. When you generate a key it will pump out a WireGuard config. You can have 10 devices connected at once, so you can generate multiple certificates for different routers.

If/when you have an account (that supports WireGuard, not free), go to to generate a private key for your router.
This was configured on the community edition, and now the pfSense+, which is free so not a bad idea to upgrade if you want/can. I updated my ProtonVPN WireGuard configuration, new changes work well, nothing much changed from before, just some "minor" settings.
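
The cherry-picking step described above (private key, endpoint address/port, endpoint public key), as an added example that is not part of the original post: it pulls only those values out of a generated WireGuard config and rejects keys that are not 32 bytes of base64 before they are pasted into pfSense. It assumes the generated file uses the usual `[Interface]`/`[Peer]` layout; the sample config, its keys and addresses are constructed, and `check_key` and `pfsense_fields` are hypothetical names.

```python
import base64
import configparser

# Constructed stand-in keys (32 fixed bytes each), not real key material.
FAKE_PRIVATE = base64.b64encode(bytes(32)).decode()
FAKE_PEER_PUBLIC = base64.b64encode(bytes([1]) * 32).decode()

# Constructed sample config; 198.51.100.7 is a documentation-range address.
SAMPLE_CONF = f"""\
[Interface]
PrivateKey = {FAKE_PRIVATE}
Address = 10.2.0.2/32

[Peer]
PublicKey = {FAKE_PEER_PUBLIC}
AllowedIPs = 0.0.0.0/0
Endpoint = 198.51.100.7:51820
"""


def check_key(name, value):
    """WireGuard keys are 32 bytes, base64-encoded; reject anything else."""
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError as exc:
        raise ValueError(f"{name} is not valid base64") from exc
    if len(raw) != 32:
        raise ValueError(f"{name} decodes to {len(raw)} bytes, expected 32")
    return value


def pfsense_fields(conf_text):
    """Return only the values the post says to copy into pfSense."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key names case-sensitive as written
    cp.read_string(conf_text)
    host, _, port = cp["Peer"]["Endpoint"].rpartition(":")
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("Endpoint must be host:port")
    return {
        "private_key": check_key("PrivateKey", cp["Interface"]["PrivateKey"]),
        "peer_public_key": check_key("PublicKey", cp["Peer"]["PublicKey"]),
        "endpoint_address": host.strip("[]"),
        "endpoint_port": int(port),
    }


if __name__ == "__main__":
    # Print everything except the private key so it is not echoed to a terminal.
    print({k: v for k, v in pfsense_fields(SAMPLE_CONF).items() if k != "private_key"})
```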