Netgate Discussion Forum

    Can I make an exception for a site from the VPN??

    OpenVPN
    6 Posts 4 Posters 2.1k Views
      georgezaf

      Hi.. I use OpenVPN on a pfSense router.. All traffic goes inside the VPN…
      Can I make an exception for a site from the VPN?

      e.g. facebook.com out from the WAN IP address and all other network traffic out from my VPN...

      Please help me... New to pfSense

        Slugger

        Yes… sort of.  If you know every IP address facebook uses then you could easily create rules to route all such traffic thru the WAN instead of the VPN.  The tricky part is accurately identifying all of those IPs.

        Instead, it's much easier to create a vm or some other client machine specifically for this use and policy route all its traffic thru the WAN instead of the VPN.  By doing it this way, you need to only policy route one single, known IP instead of having to try to figure out all of facebook's IPs.

          marvosa

          The bad grammar aside, it sounds like you want to route traffic destined for facebook out your WAN instead of your VPN.

          Yes, it can be done.  At a high level, you will have to create an alias for all of Facebook's IPs and then policy route traffic destined for that alias out your WAN.

          A few Google searches brought up this site -> https://ipinfo.io/AS32934 which says there are 90,000+ IPs assigned to Facebook in various ranges.  Someone also posted that you can gather Facebook's IPs by issuing the following command in your pfSense shell or a Linux box:

          whois -h whois.radb.net -- '-i origin AS32934' | grep ^route

            georgezaf

            Sorry for bad English.
            Can you show me a few screenshots of how I can make it?
            In firewall aliases I add some URL, but all comes from the VPN.

              marvosa

              "In firewall aliases I add some URL, but all comes from the VPN."

              Change the type to "Network(s)" and start adding Facebook networks (there's a bunch of them)

              "Can you show me a few screenshots of how I can make it?"

              Add a firewall rule on your LAN tab with the following:

              • Source = any

              • Destination = Single host or alias then select your alias as the destination address

              • In the Extra Options section, click the "Display Advanced" button, scroll down to Gateway and choose the correct gateway that will route traffic out your WAN (typically "default")

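Added example, not part of any post in this thread: the whois lookup and the "Network(s)" alias step described above both need a clean list of networks, and route objects can repeat or overlap. This sketch reduces RADB output to unique IPv4 networks that are not already contained in a larger listed one; the function names are hypothetical and the sample input is constructed from documentation address ranges.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the sample data
# are constructed; the sample uses documentation address ranges.

# Read RADB whois output on stdin and print a minimal IPv4 network list:
# invalid entries and duplicates are dropped, and any network already
# contained in a larger listed network is left out.
radb_routes_to_alias() {
    awk '
        $1 == "route:" {            # IPv4 objects only; route6: is ignored
            if (split($2, p, "/") != 2 || p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32) next
            if (split(p[1], o, ".") != 4) next
            addr = 0
            for (i = 1; i <= 4; i++) {
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
                addr = addr * 256 + o[i]
            }
            if (!($2 in len)) { len[$2] = p[2] + 0; ip[$2] = addr }
        }
        END {
            for (a in len) {
                covered = 0
                for (b in len) {
                    if (len[b] >= len[a]) continue
                    size = 2 ^ (32 - len[b])    # addresses in the larger block
                    if (int(ip[a] / size) == int(ip[b] / size)) { covered = 1; break }
                }
                if (!covered) print a
            }
        }
    ' | LC_ALL=C sort -t. -k1,1n -k2,2n -k3,3n -k4,4n
}

# Constructed sample input: one duplicate, one /25 inside a listed /24,
# one IPv6 object and one invalid prefix length.
sample_radb_output() {
    cat <<'EOF'
route:      203.0.113.0/24
origin:     AS64500
route:      192.0.2.0/24
route:      203.0.113.0/24
route:      203.0.113.128/25
route6:     2001:db8::/32
route:      198.51.100.0/33
route:      198.51.100.0/25
EOF
}

# Live use would be: whois -h whois.radb.net -- '-i origin AS32934' | radb_routes_to_alias
sample_radb_output | radb_routes_to_alias
```

The printed list has one network per line. IPv6 route objects are skipped by this sketch and would need their own alias entries.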
                marvosa

                @jingles
                You just want to review that section and verify that traffic matched on that rule is being routed thru the default gateway instead of the VPN gateway.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.