@meaglerick said in Split Tunnel with traffic selection:

It is a daemon (dns_parser) written in C that uses the Netgraph kernel system to filter traffic . And I wrote a small utility that saves and restores the contents of the tables in the database when you reload the rules.

cdd81c1d-410b-46d9-91f5-d7d9c88b6704-image.png

I need to think about how to explain to you how to set it up and run
Write me in private messages your email

I got it figured out.
I had to add a rule after the block to allow the certian IPs

First you need to configure the "Client" mode. Everything is exactly the same as I showed above. When everything is set up, and the Internet through the router will work, you need to set exactly the same Wi-Fi network settings as on the main router.

custom writings

Absolutely no clue. But everytime it happens ntopng dies because it can't connect to Redis.

@viragomann can you explain this setup a bit more starting from the azure console. The additional IP's would need to be binded to the pFsense WAN interface using powershell first correct?

And due to different reasons.. let say that site-to-to is 10.35.0.0/16.
And openvpn clients need to be 192.168.xxx.xxx
Due to restrictions of already used networks..
And since it is IPSec site to site, they are not local networks, but routes into a local network.
From 172.16.20.0/24 to 10.35.0.0/24 local.

https://docs.netgate.com/pfsense/en/latest/book/bridging/index.html

It seems that it works, I heard your review on the windows FTP client that does not handle the passive mode.

So I retested with FileZilla forcing the passive mode and it works.

I certainly had a rule that jammed before that.

Thank you for your help.

What we are here for - any other questions just ask..

When you have your rules adjusted - post them and we can discuss.

Does your alias actually populate? Lets see your rules.

Do a traceroute for some IP that is in your alias.

edit: Here I just forced traffic going to 8.8.8.8 out a vpn..

outvpn.png

Here is normal

normal.png

Did you setup your outbound nat? Did you change your vpn to not be default, ie don't pull routes or let it set routes?

keep in mind if you had existing states they would have to be flushed..

I would wager that by now google, etc have a whole ICMP infrastructure set up and the DNS servers are not actually the ones responding to pings.

You do realise a speed test will only use 1 of the 3 WAN connections.