Site to site OpenVPN for only some traffic



  • Hi!

    I have a site-to-site OpenVPN between 2 pfSense boxes working like a charm…

    Currently all traffic between sites is going through the tunnel in both ways, but I would like to have an exception... SSH traffic!

    Is there any way to make SSH traffic between sites not go through the tunnel?

    Maybe this is a trivial question but to my knowledge it is everything or nothing!

    Thanks!

    Pedreter



  • You have to do policy based routing:
    https://doc.pfsense.org/index.php/What_is_policy_routing

    Add a firewall rule which allows SSH (dest. port 22) on the interface where the traffic comes in. In the rule, open the advanced options, go down to Gateway and select your WAN gateway.
    Place this rule above the default rule.
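    Why the rule order matters: pfSense applies interface rules top to bottom, first match wins (the generated pf rules are "quick" rules, and the gateway choice becomes a pf route-to). The following is an added illustration, not code from the thread or from pfSense: a tiny first-match evaluator with two rules, the SSH policy-routing rule and the catch-all rule that sends everything else to the tunnel via the normal routing table. The network, port and gateway names are constructed for the example.

```python
"""First-match evaluation of a pfSense-style ruleset (added illustration).

pfSense evaluates interface rules top to bottom and applies the first match,
so a policy-routing rule for SSH only takes effect if it sits above the
catch-all rule that sends everything else through the OpenVPN tunnel.
Addresses, port numbers and gateway names below are constructed for the
example and are not taken from the thread.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    proto: Optional[str]      # "tcp", "udp" or None for any protocol
    dst_net: str              # destination network, e.g. "10.0.2.0/24"
    dst_port: Optional[int]   # None for any port
    gateway: str              # "default" = system routing table (the tunnel here)

    def matches(self, proto: str, dst_ip: str, dst_port: int) -> bool:
        if self.proto is not None and self.proto != proto:
            return False
        if ip_address(dst_ip) not in ip_network(self.dst_net):
            return False
        if self.dst_port is not None and self.dst_port != dst_port:
            return False
        return True


def select_gateway(rules: List[Rule], proto: str, dst_ip: str,
                   dst_port: int) -> Tuple[Optional[str], str]:
    """Return (rule name, gateway) of the first matching rule, as pf does
    for 'quick' rules. No match means the implicit default deny."""
    for rule in rules:
        if rule.matches(proto, dst_ip, dst_port):
            return rule.name, rule.gateway
    return None, "blocked"


# Constructed sample: remote site LAN reachable through the OpenVPN tunnel.
REMOTE_LAN = "10.0.2.0/24"
SSH_TO_REMOTE = Rule("ssh via WAN", "tcp", REMOTE_LAN, 22, "WAN_GW")
ALL_TO_REMOTE = Rule("everything via tunnel", None, REMOTE_LAN, None, "default")

# Catch-all first: the SSH rule is shadowed and never evaluated.
WRONG_ORDER = [ALL_TO_REMOTE, SSH_TO_REMOTE]
# SSH rule first: port 22 leaves via WAN, everything else still uses the tunnel.
RIGHT_ORDER = [SSH_TO_REMOTE, ALL_TO_REMOTE]

if __name__ == "__main__":
    for label, ruleset in (("wrong order", WRONG_ORDER), ("right order", RIGHT_ORDER)):
        for port in (22, 443):
            print(label, "tcp/%d ->" % port,
                  select_gateway(ruleset, "tcp", "10.0.2.10", port))
```

    With the catch-all above the SSH rule, port 22 still resolves to the tunnel, which is exactly the symptom of "it does not work" when the new rule is placed below the default one.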



  • @viragomann:

    You have to do policy based routing:
    https://doc.pfsense.org/index.php/What_is_policy_routing

    Add a firewall rule which allows SSH (dest. port 22) on the interface where the traffic comes in. In the rule, open the advanced options, go down to Gateway and select your WAN gateway.
    Place this rule above the default rule.

    Thanks Viragomann…

    I have to be doing something wrong because it does not work... after following your instructions, SSH traffic still goes through the tunnel...

    Is there any other detail to take into consideration?

    Thanks!

    Pedreter.



  • Have you put this rule to the top of the ruleset?

