Exclude sites from VPN connection?
-
I'm using PIA VPN service and have the majority of my clients routed through the tunnel. A handful of clients are not for ease of use/speed, these include dedicated media players, video game consoles, location dependent clients.
However, lately I'm noticing several sites that kick back error messages when attempting to use them via VPN. I know this due to testing with a WAN only client at the time of the error.
How can I go about adding specific site exceptions that will properly work based on a URL or IP?
Examples are:
papajohns.com (sometimes works, sometimes nothing)
spg.com (403 error)
craigslist.org (claims banned IP)
-
I assume that your default gateway is the VPN uplink, or you have a "catch-all" rule at (or near) the end of the LAN rules that passes most "default" traffic and specifies the PIA VPN gateway.
-
Make an alias "special" for the things you want to direct away from the VPN - it can include URLs and IPs.
-
Add a rule near the top of the LAN rules to pass traffic with destination "special" and specify gateway as the ordinary gateway on WAN.
I think it is that easy - the rule will push the traffic out the ordinary WAN, the default NAT on the way out will give the traffic a source IP of the ordinary WAN address, so return traffic will come to the ordinary WAN address…
-
-
yup its that easy - worth also thinking about using pfblockerng to maintain the lists which allows use of AS numbers which can be helpful for larger sites etc.