Chain a VPN provider through a local pfSense WireGuard VPN

First, let me say that I’m very new to pfSense (just got my firewall 1 week ago) and networking, so I’m sorry if my question is dumb.

I pay for a ProtonVPN subscription and use it around 50% of the time, meaning that normally I will keep it off and just turn it on on demand. Since they don’t support custom DNS, every time I enable their VPN, I lose access to my local servers using my domain name (managed by pfSense), since I will start using their DNS instead of my local pfSense one.

So basically I’m trying to find a way to enable the VPN on demand and still keep access to my server via my domain name and use my local DNS provider.

First I tried getting their servers’ WireGuard files, changing the DNS key to route to my pfSense local IP and using that to connect to the VPN instead of their app. It kinda works, but it is unstable: it will resolve the DNS correctly for some seconds and then stop for some time.

Then, I thought about adding the VPN config directly in pfSense. I didn’t test it, but I’m pretty sure that using it in this way would allow me to still use pfSense as my DNS and keep my access to my local domain, but from the tutorials that I found, I can’t make this be “on-demand”; it is necessary to be always-on, which I don’t want.

The only way that I was able to make this work was to connect to Proton VPN normally from their app, and then also connect to my Tailscale VPN which will give me access to my local domain. This works, but seems kinda dumb tbh.

Finally, I was reading a little bit about chaining VPNs, and that made me wonder if I can somehow use that to make my requirements work.

So, what I was wondering is if I can first create an always-on WireGuard configuration for Proton VPN, then create a local WireGuard VPN server in pfSense, and route/chain the Proton VPN connection via that local WireGuard VPN (and, of course, have the local WireGuard VPN use my local DNS server).

That way I think I would be able to connect to that local WireGuard VPN using just the WireGuard client and it would just work.

Is this possible? If so, can you give me hints or some documentation on how to make this work? If not, do you have any other suggestion to make this work?

Thanks for the help!
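The first thing the post tried (taking the provider's WireGuard client file and pointing its DNS key at pfSense) only works if the client can still reach the pfSense LAN address outside the tunnel. With a full-tunnel `AllowedIPs = 0.0.0.0/0`, the DNS queries to the LAN IP are themselves routed into the provider tunnel. The script below, an added example that is not code from the original post, pfSense or WireGuard, rewrites such a file: it sets `DNS` to the pfSense resolver and carves the LAN subnet out of `AllowedIPs` using the standard-library `ipaddress` module. The provider config text, the pfSense address `192.168.1.1`, the LAN subnet `192.168.1.0/24` and the endpoint `vpn.example.net` are constructed sample values.

```python
"""Rewrite a provider WireGuard client config so DNS stays on the local
pfSense resolver and the LAN subnet is kept out of the tunnel.

Added example for this thread; not code from the original post, pfSense or
WireGuard. All addresses and the config text are constructed samples.
"""
import ipaddress

# Constructed sample provider config: a typical full-tunnel client file.
PROVIDER_CONF = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
PublicKey = <provider-public-key-placeholder>
AllowedIPs = 0.0.0.0/0
Endpoint = vpn.example.net:51820
"""


def exclude_subnet(allowed: str, lan: str) -> list[str]:
    """Return the AllowedIPs entries with `lan` removed.

    CIDR networks either nest or are disjoint, so each entry is either
    untouched, dropped (it lies inside the LAN), or split into the
    covering prefixes that make up the entry minus the LAN.
    """
    lan_net = ipaddress.ip_network(lan, strict=False)
    result = []
    for entry in (e.strip() for e in allowed.split(",") if e.strip()):
        net = ipaddress.ip_network(entry, strict=False)
        if net.version != lan_net.version or not net.overlaps(lan_net):
            result.append(str(net))          # unrelated to the LAN: keep as-is
            continue
        if net.subnet_of(lan_net):
            continue                          # entirely inside the LAN: drop
        # lan_net is a strict subnet of net: replace net by net minus lan_net
        result.extend(str(n) for n in sorted(net.address_exclude(lan_net)))
    return result


def rewrite_config(conf: str, dns_ip: str, lan: str) -> str:
    """Point DNS at the pfSense resolver and exclude the LAN from AllowedIPs."""
    out = []
    for line in conf.splitlines():
        key, _, value = line.partition("=")
        k = key.strip()
        if k == "DNS":
            out.append(f"DNS = {dns_ip}")
        elif k == "AllowedIPs":
            out.append("AllowedIPs = " + ", ".join(exclude_subnet(value, lan)))
        else:
            out.append(line)                  # keys, endpoint, section headers unchanged
    return "\n".join(out) + "\n"


def covers(nets: list[str], ip: str) -> bool:
    """True if any network in `nets` contains `ip` (sanity check for the rewrite)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)


if __name__ == "__main__":
    print(rewrite_config(PROVIDER_CONF, "192.168.1.1", "192.168.1.0/24"))
```

Run it and paste the output into the WireGuard client in place of the provider file. The `AllowedIPs` line becomes the 24 prefixes that together cover everything except `192.168.1.0/24`, so traffic to the pfSense LAN address (including the DNS queries) stays on the local network while everything else still goes through the provider. This is the client-side half only; pfSense's DNS Resolver still has to answer on the LAN address the client uses.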

It is possible; I have IVPN and Surfshark ‘VPNing’ my entire home network, and my mobile devices connect to pfSense via WireGuard. This has caused some issues, though, with services such as Netflix and OfferUp that do not allow VPN connections.

Instead of using the VPN DNS, I cut that out and just use my pfSense to do all the DNS work.

I have posted the guide from Surfshark on the forums that has worked for me for the past year… still running strong.

Netgate - Surfshark VPN

Why are you using a VPN?