Netgate Discussion Forum

    Specify only traffic on specific ports goes through VPN

    10 Posts 2 Posters 2.9k Views
    • P
      plainzwalker
      last edited by

      Is it possible to have only specific ports routed through a VPN and the rest routed through the normal gateway? I currently have everything running through a VPN and really only want specific traffic running through it since it seems to be messing with speed and specific sites of all the other traffic on the network.

      Thank you

      • V
        viragomann
        last edited by

        You can control this on a router. So depending on whether your VPN client or server is a router, you can specify which traffic goes through the VPN from this side.

        • P
          plainzwalker
          last edited by

          @viragomann:

          You can control this on a router. So depending on whether your VPN client or server is a router, you can specify which traffic goes through the VPN from this side.

          The VPN is set up in pfSense. I tried setting up firewall LAN rules for all traffic from 192.168.1.221 port 26688 to go to PIAVPN_VPNV4 and did an ipleak torrent test, but it still seems to route through the normal gateway and not the VPN.

          • P
            plainzwalker
            last edited by

            Here are my LAN rules btw.

            ![Lan Rules.PNG](/public/imported_attachments/1/Lan Rules.PNG)

            • V
              viragomann
              last edited by

              Put your torrents rule to the top or below the Anti-Lockout rule to take effect.

              • P
                plainzwalker
                last edited by

                Still getting the same results with the IP leak test. Is it possible that since all other traffic is routed through my normal gateway in pfSense that is how it is getting the IP, or is this in fact not actually going through the VPN?

                Thank you

                • V
                  viragomann
                  last edited by

                  I think the IP leak test checks only traffic to port 443. You won't be able to specify the source port of this traffic.
                  To test your VPN, route the whole traffic over it.

                  A policy-based rule should work the way you have done it: https://doc.pfsense.org/index.php/What_is_policy_routing
                  To check if it works, you can use the packet capture tool from the Diagnostics menu. Switch to the appropriate interface and look where the packets leave.

                  Just a further thing to be considered: If your VPN traffic is translated by an (automatically generated) Outbound NAT rule, you will have to add an additional rule for the torrent port to avoid translating the port. You will see the rule in Firewall > NAT > Outbound.
                  Look here: https://doc.pfsense.org/index.php/Static_Port

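A small model of what the post above describes, added here as an illustration and not taken from the thread or from pfSense itself: first-match rule evaluation on the LAN tab, the gateway chosen by policy routing, and the source address and port a packet capture on the egress interface should show after outbound NAT. The gateway name WAN_DHCP, the interface addresses, the ephemeral port 51514 and the "as posted" rule order are assumptions; the host, port and PIAVPN_VPNV4 come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_GW = "WAN_DHCP"  # assumed name of the normal gateway
# Constructed interface addresses (documentation / private ranges).
EGRESS_IP = {"WAN_DHCP": "203.0.113.10", "PIAVPN_VPNV4": "10.8.0.2"}

@dataclass
class Rule:                        # one pass rule on the LAN tab
    descr: str
    src_ip: Optional[str] = None   # None = any
    src_port: Optional[int] = None # None = any
    gateway: Optional[str] = None  # None = follow the routing table

def route(rules, src_ip, src_port):
    """First matching rule wins, evaluated top to bottom."""
    for r in rules:
        if r.src_ip in (None, src_ip) and r.src_port in (None, src_port):
            return r.descr, r.gateway or DEFAULT_GW
    return "no match (default deny)", None

def on_the_wire(rules, static_ports, src_ip, src_port):
    """Rule hit, gateway, and the source IP/port a capture on the egress side shows."""
    descr, gw = route(rules, src_ip, src_port)
    if gw is None:
        return descr, None, None, None
    # Outbound NAT: the source IP becomes the egress interface address and the
    # source port is rewritten unless a static-port entry covers it.
    # static_ports is a simplified stand-in for Firewall > NAT > Outbound rules.
    port = src_port if (gw, src_port) in static_ports else "rewritten"
    return descr, gw, EGRESS_IP[gw], port

TORRENT = Rule("torrent via VPN", "192.168.1.221", 26688, "PIAVPN_VPNV4")
ALLOW_ALL = Rule("pass LAN to any")
AS_POSTED = [ALLOW_ALL, TORRENT]   # assumed: policy rule below the pass-any rule
REORDERED = [TORRENT, ALLOW_ALL]   # policy rule moved to the top
STATIC = {("PIAVPN_VPNV4", 26688)} # static port for the torrent port on the VPN

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        # 26688: torrent source port; 51514: constructed ephemeral port of an
        # HTTPS (destination 443) leak-test request from the same host.
        for sport in (26688, 51514):
            print(name, sport, on_the_wire(rules, STATIC, "192.168.1.221", sport))
```

Even with the rule at the top, the flow from port 51514 still leaves through the normal gateway, which is why a browser-based leak test keeps reporting the WAN address.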
                  • P
                    plainzwalker
                    last edited by

                    @viragomann:

                    I think the IP leak test checks only traffic to port 443. You won't be able to specify the source port of this traffic.
                    To test your VPN, route the whole traffic over it.

                    A policy-based rule should work the way you have done it: https://doc.pfsense.org/index.php/What_is_policy_routing
                    To check if it works, you can use the packet capture tool from the Diagnostics menu. Switch to the appropriate interface and look where the packets leave.

                    Just a further thing to be considered: If your VPN traffic is translated by an (automatically generated) Outbound NAT rule, you will have to add an additional rule for the torrent port to avoid translating the port. You will see the rule in Firewall > NAT > Outbound.
                    Look here: https://doc.pfsense.org/index.php/Static_Port

                    With the packet capture I assume I should only be seeing traffic from the source IP to the VPN IP, correct? If so, then it doesn't seem to be working. I created a NAT outbound rule that mimicked my firewall rule and it still doesn't seem to be working. Should this rule be on the WAN/LAN or PIAVPN rule? I currently have it under the LAN tab.

                    Thank you

                    • V
                      viragomann
                      last edited by

                      You should see the packets on the LAN interface with source IP = 192.168.1.221 and on the VPN interface with source IP = <your VPN server>, because the source IP has to be translated by pfSense since your LAN host's IP is unknown at the other side of the connection.

                      • P
                        plainzwalker
                        last edited by

                        So I think it might be working… I did a packet capture on the LAN interface and I see traffic between source IP and destination IPs (not the VPN one though) and I did a packet capture on the VPN interface and I see traffic between the VPN and destination IPs... Which makes me think it is working, but maybe like I intend for it to be working...
