Differences

This shows you the differences between two versions of the page.

--- pfsense:install_pfsense:pfsense_configuration [2021/01/05 13:39] – [DNS Server Settings] peter
+++ pfsense:install_pfsense:pfsense_configuration [2023/04/22 08:31] (current) – peter
@@ Line 7: / Line 7: @@
 In **DNS Server Settings**:
-  * DNS servers:  **Any DNS Servers you want to use**.  The Servers here are **not** going to be used, as long as Unbound is not working in Forwarding Mode, so just leave it as default, since we are using the **Resolver** Option for Unbound.
+  * DNS servers:  **Any DNS Servers you want to use**.  The Servers here are **not** going to be used, as long as Unbound is not working in Forwarding Mode, so just leave it as default, since we will be using the **Resolver** Option for Unbound.
-    * Use Gateway:  **none**.  Only needed on Multi-WAN networks.  As Unbound will be doing the Resolving, these  configuration they are not used anyway.
+    * Use Gateway:  **none**.  Only needed on Multi-WAN networks.  As Unbound will be doing the Resolving, these  configuration are not used anyway.
   * DNS Server Override:  **Not Checked**.  To prevent any DNS configuration setup on the system being overridden by the ISP or other applications.
-  * Disable DNS Forwarder:  **Not Checked**.  To have pfSense use it's local cache for lookups.
+  * Disable DNS Forwarder:  **Not Checked**.  To have pfSense use its local cache for lookups.
 <WRAP info>
@@ Line 32: / Line 32: @@
   * Dashboard Columns:  **3**.
-  * Click **Save**.
 <WRAP info>
@@ Line 39: / Line 38: @@
 {{:pfsense:install_pfsense:pfsense_-_system_-_general_setup_-_webconfigurator.png?800|}}
+  * Click **Save**.
 ----
@@ Line 52: / Line 53: @@
   * Allow Agent Forwarding:  **Not Checked**.
   * SSH Port:  **22**.
+{{:pfsense:install_pfsense:pfsense_-_system_-_advanced_-_admin_access_-_secure_shell.png?800|}}
+  * Click **Save**.
 <WRAP info>
@@ Line 62: / Line 67: @@
 </WRAP>
-{{:pfsense:install_pfsense:pfsense_-_system_-_advanced_-_admin_access_-_secure_shell.png?800|}}
-  * Click **Save**.
@@ Line 144: / Line 146: @@
   * Unknown Power:  **Hiadaptive**.
-{{:pfsense:install_pfsense:pfsense_-_diagnostics_-_dns_lookup.png?800|}}
+{{:pfsense:install_pfsense:pfsense_-_my_configuration_-_system_-_advanced_-_miscellaneous_-_power_savings.png?600|}}
 In **Cryptographic & Thermal Hardware**:
@@ Line 160: / Line 162: @@
   * State Killing on Gateway Failure:  **Not Checked**.
-  * Skip rules when gateway is down:  **Checked**.
+  * Skip rules when gateway is down:  **Not Checked**.
+<WRAP alert>
+**ALERT:**  Take special note of the **Skip rules when gateway is down** option.
+One might think that with the check mark unchecked, means that it skips rules when the gateway is down.  But no, it means just the opposite!
+  * By default, when a rule has a specific gateway set, and this gateway is down, a rule is created and traffic is sent to default gateway.
+  * This option overrides that behavior and the rule is not created when gateway is down.
+The end result is that if the rules are routing your private traffic over a VPN, but then the VPN goes down for some reason, the system silently routes your traffic to the default network.
+  * Not even the firewall logs provide an alert.
+  * They even show the defined gateway rules still executing properly!
+If there is a need to still allow a computer to access the internet anytime (even when VPN is down) then a rule will be needed in **Firewall -> Rules -> LAN** to allow the internal IP address there.
+  * If this access if only needed when the VPN is down, then put it in the LAN firewall rules list after the normal policy-routing rule for VPN traffic.
+  * That way it only comes into play when the VPN is down.
+</WRAP>
 <WRAP info>