====== PFSense - VPN - Use ExpressVPN - Configure Firewall ====== Now that the tunnel is online, you need to tell all of your traffic to be NAT’d properly. ===== Configure NAT ===== **NOTE:** This will be using the **Manual Outbound NAT rule generation**. An Alternative method is using the **Hybrid Outbound NAT rule generation**. See [[PFSense:Use ExpressVPN:Configure Firewall:Hybrid Outbound NAT rule generation|Hybrid Outbound NAT rule generation]] Navigate to **Firewall -> NAT -> Outbound**. * Select **Manual Outbound NAT rule generation**. * Press **Save**. Then multiple rules will appear. (Usually 4 rules). Duplicate each of these rules exactly, but change their interface to the ExpressVPN or OpenVPN interface, clicking Save after each rule is duplicated. Against the rule **Auto created rule - LAN to WAN**, click on the icon on the right side that looks like two pages (a square overlapping another square). {{:pfsense:use_expressvpn:pfsense_firewall_nat_outtbound_-_lan_to_wan.png?800|}} In the window that pops up:, the only selection you will be changing is the **Interface” section**. * Interface: Click the drop-down and change from **WAN** to the name of the Interface you created previously, in this case **VPN_WAN**. * Click **Save**. {{:pfsense:use_expressvpn:pfsense_firewall_nat_outtbound_-_lan_to_wan_-_edit.png?800|}} * Repeat this for the other interfaces. * Click **Apply Changes** at the top. The result should be similar to this (the interface names may differ depending on what you used): {{:pfsense:use_expressvpn:pfsense_-_nat_-_outbound_-_openvpn.png?800|}} ---- ===== Configure Firewall Rules ===== Create a rule to redirect all local traffic through the ExpressVPN gateway you previously created. Navigate to **Firewall > Rules**: Click on **LAN**. Click the **Add** button with the up arrow (the far left button). {{:pfsense:use_expressvpn:pfsense_firewall_rules_-_buttons_-_add_top.png?600|}} Enter the following: In **Edit Firewall Rule**: * Action: **Pass**. * Disabled: **Not Checked**. * Interface: **LAN**. * Address: **IPv4**. * Protocol: **Any**. In **Source**: * Source: Select **Single host or alias**; and type the name of the host or alias that should use the VPN. in **Destination**: * Destination: **any**. In **Extra Options**: * Log: **Not Checked**. * Description: Enter something meaningful to you. For example **LAN TRAFFIC –> EXPRESSVPN**. Click the blue **Display Advanced** button. {{:pfsense:use_expressvpn:pfsense_firewall_rules_-_display_advanced.png?200|}} In **Advanced Options**: * Gateway: **VPN_WAN**. * Leave everything else. * Click **Save**. {{:pfsense:use_expressvpn:pfsense_firewall_rules_-_advanced_options_-_gateway.png?800|}} ---- ===== Complete ===== You are finished! You should now start to see traffic flowing through your new rule you created, confirming that the traffic is moving through the ExpressVPN tunnel you created. ---- Now [[PFSense:VPN:Use ExpressVPN:Check that VPN is working|Check that VPN is working]].