Netgate Discussion Forum
    How to only send specific route through OpenVPN client connection

    soupdiver

      I have a weird problem with my ISP which results in a broken routing and I only get around 100kb/s from github. It's not clear when/if this will be resolved.
      To work around this problem I tried to setup that only traffic to that specific route should travel through my VPN.

      VPN provider is NordVPN and I used their howto to setup my client: https://support.nordvpn.com/Connectivity/Router/1089079142/pfSense-2-4-4-setup-with-NordVPN.htm

      I did not apply all the settings because I don't want to send everything through the VPN but made some "best guesses" about what I need and what not. The VPN connection seems to work (I get an IP and traffic flows) but my configuration seems not 100% correct.

      My naive approach was to create a static route for the desired network (140.82.112.0/20) and assign it to the NordVPN gateway.
      This seemed to kind of work. My github downloads were ok again but Amazon Prime started to say we're using a VPN. So somehow more than just the wanted traffic went through the VPN but for sure not everything. Also my IP address was detected not as my home IP but as the VPN IP I guess.

      So my question: How do I configure my routes/NAT/FW rules that only traffic for specific networks is sent through the VPN connection but not all the other traffic?

      bingo600

        Policy routing

        That way you can control (match) the source IP (local IP), and set it to forward "only the matches" via the OpenVPN gateway.

        I gave some hints here
        https://forum.netgate.com/post/954969

        Edit:
        There might be something with an option "Don't pull routes", that can come in handy. Haven't tried it.

        https://forum.netgate.com/topic/148615/openvpn-client-port-forward-guidance

        If you find my answer useful - Please give the post a 👍 - "thumbs up"

        pfSense+ 23.05.1 (ZFS)

        QOTOM-Q355G4 Quad Lan.
        CPU : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
        LAN : 4 x Intel 211, Disk : 240G SAMSUNG MZ7L3240HCHQ SSD

        soupdiver @bingo600

          @bingo600 ok, I could get the FW rules working. I think my ordering was wrong.

          However this brought up another interesting issue.
          I added a FW rule on the LAN interface with my computer's IP as the source, destination 52.0.0.0/8 and gateway my NordVPN gateway.
          On my machine I could verify via traceroute that this seems to work. On another machine it's still the original state.

          But: After adding this rule netflix.com won't load anymore on any computer in the network via IPv6. Seems Netflix prefers IPv6.
          Using curl shows that the request hangs in 7/10 times. Forcing curl to use IPv4 makes it work. I would expect that the other clients would also fallback to v4 but they hang. After removing my previously added rule Netflix loads fine via v6 again.

          I have no idea how this should be related. Maybe something on a different layer.

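An added example, not code from the thread or from pfSense, that models how pfSense evaluates LAN rules top-down with first match winning: it shows why the ordering of the catch-all and the policy-routing rule matters, and that an IPv4 rule can never match an IPv6 flow. The LAN host address 192.168.1.10 and the gateway names are assumed values.

```python
"""Model of pfSense LAN rule evaluation for policy routing (added example,
not from the thread). Assumptions: rules are checked top-down and the first
match wins; a rule carrying a gateway sends the matching flow out that
gateway, one without uses the system routing table; the LAN host address
and the gateway names are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    src: str                # source network or "any"
    dst: str                # destination network or "any"
    gateway: Optional[str]  # None = no policy routing, use the routing table
    family: int = 4         # 4 or 6: a rule only matches its own address family

    def matches(self, src_ip, dst_ip) -> bool:
        if src_ip.version != self.family or dst_ip.version != self.family:
            return False
        in_src = self.src == "any" or src_ip in ipaddress.ip_network(self.src)
        in_dst = self.dst == "any" or dst_ip in ipaddress.ip_network(self.dst)
        return in_src and in_dst


def select_path(rules, src: str, dst: str) -> str:
    """Gateway a new flow src->dst would leave through, or 'BLOCKED'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(s, d):
            return rule.gateway or f"DEFAULT_v{s.version}"
    return "BLOCKED"  # nothing passed it: pfSense's implicit deny


HOST = "192.168.1.10"  # constructed LAN client address
VPN_RULE = Rule(f"{HOST}/32", "52.0.0.0/8", "NORDVPN_GW")  # the rule from the thread
ALLOW_V4 = Rule("any", "any", None, 4)  # stock "Default allow LAN to any" rule
ALLOW_V6 = Rule("any", "any", None, 6)  # its IPv6 counterpart

# Catch-all above the policy rule: the policy rule is never reached.
WRONG_ORDER = [ALLOW_V4, ALLOW_V6, VPN_RULE]
# Specific policy rule first, then the catch-all.
RIGHT_ORDER = [VPN_RULE, ALLOW_V4, ALLOW_V6]

if __name__ == "__main__":
    for name, rules in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(name, select_path(rules, HOST, "52.1.2.3"))
    # The IPv4 policy rule cannot match an IPv6 flow from the same host.
    print("v6", select_path(RIGHT_ORDER, "2001:db8::10", "2001:db8:ffff::1"))
```

A destination outside 52.0.0.0/8, such as the 140.82.112.0/20 block named in the first post, stays on the default path under this rule, and an IPv6 flow from the same host is never touched by it.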
          bingo600 @soupdiver

            @soupdiver

            Netflix is a totally different beast, that does a lot to detect if you are "cheating".
            There are other posts on this forum that explain that.


            soupdiver @bingo600

              @bingo600 said in How to only send specific route through OpenVPN client connection:

              @soupdiver

              Netflix is a totally different beast, that does a lot to detect if you are "cheating".
              There are other posts on this forum that explain that.

              Yea but what I don't understand is why it's affected at all. I add a filter rule for my machine on ipv4 and something on ipv6 breaks everywhere else.

              What I can think of is that they probe not only my v6 but also v4 addresses and maybe shut down everything if it looks suspicious. Who knows. Guess I have to find another exit 😁
