pfSense VPN Gateway (WireGuard + NordVPN)
Steps
- Install WireGuard (if needed) and configure tunnel with NordVPN keys.
- Assign interface WG_NORDVPN as OPT and enable it.
- Create gateway on this interface.
- Outbound NAT: add rules for VLAN50 (or specific hosts) → VPN interface.
- Firewall rules on VLAN50: policy-route via the VPN gateway.
- Test with traceroute or an external IP check from affected LXCs.
Notes
- Keep DNS from leaking to WAN by setting DNS on that VLAN to a non-leaking resolver or via the tunnel.
- Failover: add monitor IP for the VPN gateway.
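
Added example (not part of the original notes): a leak check to run from an affected LXC, covering the test step and the DNS note above. The addresses, the IP check URL and the function names are assumptions; replace them with your own WAN IP, ISP next hop and permitted VLAN50 resolver.

```shell
#!/bin/sh
# Leak checks run from a host on the policy-routed VLAN (e.g. an LXC).
# All addresses are constructed placeholders, not values from the page.
WAN_IP="203.0.113.10"     # assumed: public IP of the pfSense WAN
ISP_HOP="203.0.113.1"     # assumed: ISP next hop seen when traffic exits via WAN
ALLOWED_DNS="10.50.0.1"   # assumed: resolver(s) allowed on VLAN50, space-separated
IP_CHECK_URL="https://api.ipify.org"   # assumed external IP check service

# egress_ok <observed_public_ip>: fails if the exit IP is empty or is the WAN IP.
egress_ok() {
  [ -n "$1" ] && [ "$1" != "$WAN_IP" ]
}

# trace_ok: reads `traceroute -n` output on stdin; fails if any hop is the
# ISP next hop, or if no hop lines were seen at all (tool missing or blocked).
trace_ok() {
  awk -v isp="$ISP_HOP" '
    $1 ~ /^[0-9]+$/ { hops++; for (i = 2; i <= NF; i++) if ($i == isp) found = 1 }
    END { exit (found || !hops) }'
}

# dns_ok: reads resolv.conf text on stdin; fails if there is no nameserver
# or if any nameserver is outside ALLOWED_DNS.
dns_ok() {
  awk -v allowed="$ALLOWED_DNS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "nameserver" { seen = 1; if (!($2 in ok)) bad = 1 }
    END { exit (bad || !seen) }'
}

# Constructed sample: a trace that leaves via the WAN instead of the tunnel.
SAMPLE_LEAK_TRACE='traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
 1  10.50.0.1  0.41 ms  0.35 ms  0.33 ms
 2  203.0.113.1  4.12 ms  3.98 ms  4.05 ms
 3  1.1.1.1  9.80 ms  9.71 ms  9.77 ms'

if [ "${1:-}" = "live" ]; then   # run the real checks on the host
  egress_ok "$(curl -s --max-time 10 "$IP_CHECK_URL")" || echo "LEAK: exit IP is the WAN IP or unknown"
  traceroute -n 1.1.1.1 | trace_ok || echo "LEAK: path crosses the ISP hop or trace failed"
  dns_ok < /etc/resolv.conf || echo "LEAK: resolver outside the allowed list"
else                             # offline demo on the constructed sample
  printf '%s\n' "$SAMPLE_LEAK_TRACE" | trace_ok || echo "sample trace: leak detected"
fi
```

Run it with the argument live on the LXC; with no argument it only evaluates the constructed sample trace.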