Netgate Discussion Forum

Policy Based Routing not working.

Routing and Multi WAN
7 Posts 2 Posters 336 Views
TravisH, last edited May 22, 2024, 9:40 AM

I am trying a slightly unusual setup. I have a VPN (Cloudflare WARP), and basically what I want to do is to identify traffic that is going to one of Cloudflare's IPv4 addresses, and if so, route that traffic through the gateway for the Cloudflare WARP VPN.

I have set up the VPN, and it works if I change the default gateway, but then all traffic goes through it. I set up an alias for the range of local IPs as well as an alias for Cloudflare IPs (Cloudflare maintains a txt list URL).

I created a firewall rule which basically says: if traffic is coming in to an interface, is IPv4, is TCP/UDP and its destination is the Cloudflare alias, then use the VPN gateway, but it never works.

I have tried in and out directions, with and without local IP, but I can't seem to get it to route through Cloudflare.

I tried clearing state tables as well, no luck. Am I missing something in my config which would explain this?

Many thanks!

(Attached screenshots: IMG_6356.png, IMG_6355.jpeg, IMG_6354.png, IMG_6353.png, IMG_6352.jpeg)
viragomann @TravisH, last edited May 22, 2024, 10:13 AM

@TravisH
Change the alias type to "URL (IPs)". It's not a URL table.
TravisH @viragomann, last edited May 22, 2024, 11:00 AM

@viragomann that didn't seem to make any difference. Out of interest, how is the link not a URL table (IPs)? They change over time, so as I understand it, using URL (IPs) won't work since it's designed for a one-off (?), but also it's designed for a smaller list of IPs, not the CIDR ranges?
TravisH @TravisH, last edited May 22, 2024, 11:22 AM

@TravisH not sure if this helps, but it seems like the destination criterion is not triggering the rule. I changed it to a temp list which had some IP addresses in it, but that didn't make any difference to getting traffic to go down the VPN.
viragomann @TravisH, last edited May 22, 2024, 11:50 AM

@TravisH
Hover over the alias to display its content, or check it in Diagnostics > Tables, and verify whether the IPs or subnets are loaded correctly into the alias.
TravisH @viragomann, last edited May 22, 2024, 12:17 PM

@viragomann the table looked fine in the diagnostics. I also picked an IP within one of the ranges to check, just to see, and still nothing.
viragomann @TravisH, last edited by viragomann May 22, 2024, 12:25 PM

@TravisH
The rule is not applied, however. So either it doesn't match or, more probably, another rule has precedence. Possibly a rule on the interface tab.

If you want to give priority to a floating rule over interface rules, you have to check the Quick option.
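The precedence point in the reply above is easy to miss, so here is an added illustration (not from the thread and not pfSense code) that models how pf picks the winning rule. pf walks the rules in order and the last match wins, unless a matching rule carries `quick`, which ends evaluation on the spot; pfSense loads floating rules before interface-tab rules, and interface-tab rules are always quick. The model also includes the alias membership check that corresponds to verifying the table contents under Diagnostics > Tables. The alias contents use RFC 5737 documentation ranges and are constructed; the rule names, the "WARP_VPN" gateway name and the stock "Default allow LAN to any" rule are assumptions, and direction and state handling are left out for clarity.

```python
"""Toy model of pf rule evaluation as pfSense orders it.

Added example (not from the thread, not pfSense code). It reproduces the
"last match wins unless quick" semantics of pf and pfSense's ordering of
floating rules before interface-tab rules (which are always quick). Alias
contents are constructed from RFC 5737 documentation ranges; rule and
gateway names are assumptions.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed stand-in for the URL Table (IPs) alias and a local-network alias.
ALIAS_TABLES = {
    "Cloudflare": ["198.51.100.0/24", "203.0.113.0/24"],
    "LocalNets": ["192.168.1.0/24"],
}


def alias_contains(alias: str, ip: str) -> bool:
    """Same check as hovering over the alias: is ip inside any loaded subnet?"""
    addr = ip_address(ip)
    return any(addr in ip_network(net) for net in ALIAS_TABLES[alias])


@dataclass(frozen=True)
class Rule:
    name: str
    interface: str                      # "floating" or an interface tab name
    dst_alias: Optional[str] = None     # None means destination "any"
    protos: Optional[frozenset] = None  # None means any protocol
    gateway: Optional[str] = None       # None means follow the default route
    quick: bool = False


@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    dst: str
    proto: str


def matches(rule: Rule, pkt: Packet) -> bool:
    """Match on ingress interface, protocol and destination alias only."""
    if rule.interface != "floating" and rule.interface != pkt.in_iface:
        return False
    if rule.protos is not None and pkt.proto not in rule.protos:
        return False
    if rule.dst_alias is not None and not alias_contains(rule.dst_alias, pkt.dst):
        return False
    return True


def evaluate(ruleset, pkt: Packet) -> Optional[Rule]:
    """pf semantics: walk the rules in order; the last match wins unless a
    matching rule is marked quick, which stops evaluation immediately."""
    winner = None
    for rule in ruleset:
        if matches(rule, pkt):
            winner = rule
            if rule.quick:
                break
    return winner


def pfsense_order(floating, interface_rules):
    """pfSense writes floating rules first, then interface-tab rules, and
    interface-tab rules always carry quick."""
    return list(floating) + [replace(r, quick=True) for r in interface_rules]


def build_ruleset(policy_quick: bool):
    # Assumed names: the policy-routing floating rule and pfSense's stock LAN rule.
    policy = Rule("Route Cloudflare via WARP", "floating",
                  dst_alias="Cloudflare", protos=frozenset({"tcp", "udp"}),
                  gateway="WARP_VPN", quick=policy_quick)
    lan_default = Rule("Default allow LAN to any", "LAN")
    return pfsense_order([policy], [lan_default])


def winning_rule(dst: str, policy_quick: bool) -> Optional[str]:
    """Name of the rule pf would apply to a LAN client talking to dst."""
    pkt = Packet("LAN", "192.168.1.10", dst, "tcp")
    winner = evaluate(build_ruleset(policy_quick), pkt)
    return winner.name if winner else None


def chosen_gateway(dst: str, policy_quick: bool) -> Optional[str]:
    """Gateway the winning rule sets; None means the default route is used."""
    pkt = Packet("LAN", "192.168.1.10", dst, "tcp")
    winner = evaluate(build_ruleset(policy_quick), pkt)
    return winner.gateway if winner else None


if __name__ == "__main__":
    for quick in (False, True):
        print(f"Quick={quick}: rule={winning_rule('198.51.100.7', quick)!r}, "
              f"gateway={chosen_gateway('198.51.100.7', quick)!r}")
```

Without Quick, the floating rule matches but the later "Default allow LAN to any" interface rule also matches and, being quick, wins with no gateway set, so the traffic takes the default route exactly as described in the thread. With Quick checked, evaluation stops at the floating rule and the WARP gateway is used. The same outcome can be confirmed on a real box by looking at which rule the firewall log attributes the pass to.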
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.