Selective routing not working
-
This is my configuration; however, everything seems to go through the VPN and it doesn't avoid my preset destinations.
-
Please use the 'Upload Image' button.
Most people including me don't want to follow external unknown URLs...
-Rico
-
Make sure to check the "Don't pull routes" Option in your OpenVPN Client Configuration.
-Rico
-
@Rico it is checked
-
Well you have traffic flowing via your WAN_DHCP Gateway, it shows 4.59 GiB for GamingIPS.
What exactly is the problem?
-Rico
-
Well, when I try to download a game through Steam (GamingIPS is all of Steam's URLs), it still uses the VPN, or when I go on Netflix it still says I'm using a proxy.
-
Check the States and if the Steam IP is in your Alias or not, maybe you are missing something there.
-Rico
-
I do. I even got a test one set up to avoid the VPN, but whenever I go on speed test it still shows the VPN IP.
-
You see, when I download something it all goes through the VPN.
-
A proper whitelisting is much harder than just putting the website URL into some Alias...
For example, the IP for speedtest.net has zero to do with the target IP of the server which is performing the speedtest. Let's see...
nslookup speedtest.net
Name: speedtest.net
Addresses: 151.101.194.219
           151.101.2.219
           151.101.66.219
           151.101.130.219
Now let's do the speedtest and check which IP we hit.
The problem is, of course we could just add 185.60.197.7 into our Alias...but the next speedtest would probably hit any other IP.
If the website owner has no public documentation of all IP ranges they use it is almost impossible to catch all their servers.
-Rico
-
@Rico I understand your point for speed test, however why does it not work for ports and Steam, as that is done through DNS?
Like, why is 100% of my traffic going through the VPN when I look at the graphs?
-
Show your Port alias and states so we can check.
-Rico
-
@Rico Sure
-
This does not look like a big download and is mostly https (443) traffic not hitting your Rule.
-Rico
-
@Rico so what should I do, add port 80 and 443 to the rule?
-
Here is a (hopefully) complete list containing all Valve Servers: https://bgp.he.net/AS32590#_prefixes
Create an Alias for it with all Prefixes and move the Firewall Rule on top, delete your other Rules.
-Rico
-
@Rico Yeah, about that, my pfSense kinda crashed after I put it all in cus there's a limit of 5000 hosts per alias, but that's far more. I mean the first 10 IPs hit that limit and there's 30, so I'll need to make like 6 aliases for it.
-
You add the networks as they are reported in the List, not single hosts.
-Rico
-
@Rico said in Selective routing not working:
add the networks as they are reported in
Hahah, no wonder we're running out of IPv4 when companies like Steam are using them like internal IPs.
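
Added example (not part of the original thread and not pfSense code): a Python check of which observed destinations an alias actually matches, illustrating the speedtest.net post and the "add the networks, not single hosts" reply. The speedtest.net addresses and 185.60.197.7 are the ones quoted in the thread; the 198.51.100.0/24 and 203.0.113.0/24 prefixes, the sample destinations and all function names are constructed placeholders.

```python
import ipaddress

def parse_alias(entries):
    """Turn alias entries (single hosts or CIDR networks) into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def uncovered(alias_entries, observed_destinations):
    """Return observed destination IPs that no alias entry matches.

    These are the connections a policy-routing rule keyed on the alias
    would not catch, so they follow the default route instead.
    """
    nets = parse_alias(alias_entries)
    return [d for d in observed_destinations
            if not any(ipaddress.ip_address(d) in n for n in nets)]

def alias_size(alias_entries):
    """Return (number of alias entries, number of addresses they cover)."""
    nets = parse_alias(alias_entries)
    return len(nets), sum(n.num_addresses for n in nets)

# Alias built from the nslookup answer quoted in the thread.
SPEEDTEST_ALIAS = ["151.101.194.219", "151.101.2.219",
                   "151.101.66.219", "151.101.130.219"]
# One address from the lookup plus the test server address from the thread.
SPEEDTEST_OBSERVED = ["151.101.2.219", "185.60.197.7"]

# Constructed placeholder prefixes standing in for a published prefix list.
NETWORK_ALIAS = ["198.51.100.0/24", "203.0.113.0/24"]
# Constructed destinations, as they might be read from the state table.
NETWORK_OBSERVED = ["198.51.100.77", "203.0.113.5", "192.0.2.10"]

if __name__ == "__main__":
    print("missed by hostname alias:", uncovered(SPEEDTEST_ALIAS, SPEEDTEST_OBSERVED))
    print("missed by network alias: ", uncovered(NETWORK_ALIAS, NETWORK_OBSERVED))
    entries, addresses = alias_size(NETWORK_ALIAS)
    print(f"{entries} network entries cover {addresses} addresses")
```

Feeding it the destination column from the firewall states and the contents of the alias shows directly which connections the rule cannot match.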