PFSense - VPN - Use ExpressVPN - Configure Firewall

Now that the tunnel is online, you need to tell all of your traffic to be NAT’d properly.

Navigate to Firewall → NAT → Outbound.

• Select Manual Outbound NAT rule generation.
• Press Save.

Then multiple rules will appear. (Usually 4 rules).

Duplicate each of these rules exactly, but change their interface to the ExpressVPN or OpenVPN interface, clicking Save after each rule is duplicated.

Against the rule Auto created rule - LAN to WAN, click on the icon on the right side that looks like two pages (a square overlapping another square).

In the window that pops up:, the only selection you will be changing is the Interface” section.

• Interface: Click the drop-down and change from WAN to the name of the Interface you created previously, in this case VPN_WAN.
• Click Save.

• Repeat this for the other interfaces.
• Click Apply Changes at the top.

The result should be similar to this (the interface names may differ depending on what you used):

Create a rule to redirect all local traffic through the ExpressVPN gateway you previously created.

Navigate to Firewall > Rules:

Click on LAN.

Click the Add button with the up arrow (the far left button).

Enter the following:

In Edit Firewall Rule:

• Action: Pass.
• Disabled: Not Checked.
• Interface: LAN.
• Address: IPv4.
• Protocol: Any.

In Source:

• Source: Select Single host or alias; and type the name of the host or alias that should use the VPN.

in Destination:

• Destination: any.

In Extra Options:

• Log: Not Checked.
• Description: Enter something meaningful to you. For example LAN TRAFFIC –> EXPRESSVPN.

Click the blue Display Advanced button.

In Advanced Options:

• Gateway: VPN_WAN.
• Leave everything else.
• Click Save.

You are finished!

You should now start to see traffic flowing through your new rule you created, confirming that the traffic is moving through the ExpressVPN tunnel you created.

Now Check that VPN is working.