Can I make an exception for a site from the VPN?



  • Hi, I use OpenVPN on a pfSense router. All traffic is inside the VPN…
    Can I make an exception for a site from the VPN?

    e.g. facebook.com out from the WAN IP address and all other network out from my VPN...

    Please help me... New to pfSense



  • Yes… sort of.  If you know every IP address Facebook uses then you could easily create rules to route all such traffic thru the WAN instead of the VPN.  The tricky part is accurately identifying all of those IPs.

    Instead, it's much easier to create a VM or some other client machine specifically for this use and policy route all its traffic thru the WAN instead of the VPN.  By doing it this way, you need to only policy route one single, known IP instead of having to try to figure out all of Facebook's IPs.



  • The bad grammar aside, it sounds like you want to route traffic destined for facebook out your WAN instead of your VPN.

    Yes, it can be done.  At a high level, you will have to create an alias for all of Facebook's IPs and then policy route traffic destined for that alias out your WAN.

    A few Google searches brought up this site -> https://ipinfo.io/AS32934 which says there are 90,000+ IPs assigned to Facebook in various ranges.  Someone also posted that you can gather Facebook's IPs by issuing the following command in your pfSense shell or a Linux box:

    whois -h whois.radb.net -- '-i origin AS32934' | grep ^route



  • Sorry for my bad English.
    Can you show me a few screenshots of how I can do it?
    In the firewall aliases I added some URLs, but everything still comes from the VPN.



  • > In the firewall aliases I added some URLs, but everything still comes from the VPN.

    Change the type to "Network(s)" and start adding Facebook networks (there's a bunch of them)

    > Can you show me a few screenshots of how I can do it?

    Add a firewall rule on your LAN tab with the following:

    • Source = any

    • Destination = Single host or alias then select your alias as the destination address

    • In the Extra Options section, click the "Display Advanced" button, scroll down to Gateway and choose the correct gateway that will route traffic out your WAN (typically "default")
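
An added example, not posted by anyone in this thread: one way to turn the `route` / `route6` lines that the whois command above prints into a short, de-duplicated list of networks for a "Network(s)" alias. The sample input is constructed from documentation prefixes (not real Facebook ranges), and the function name `alias_networks` is hypothetical.

```python
import ipaddress

# Constructed sample in the shape of RADB whois output after `grep ^route`.
# These are documentation prefixes, not real Facebook ranges.
SAMPLE = """\
route:      198.51.100.0/25
route:      198.51.100.128/25
route:      198.51.100.0/24
route:      203.0.113.0/24
route:      203.0.113.64/26
route6:     2001:db8::/33
route6:     2001:db8:8000::/33
route:      not-a-prefix
"""


def _collapse(nets):
    """Merge adjacent and overlapping networks of one IP version."""
    return [str(n) for n in ipaddress.collapse_addresses(sorted(nets))]


def alias_networks(whois_text):
    """Return (ipv4, ipv6) lists of collapsed CIDR strings from route lines."""
    v4, v6 = set(), set()
    for line in whois_text.splitlines():
        # Split on the first colon only, so IPv6 prefixes stay intact.
        key, _, value = line.partition(":")
        if key.strip() not in ("route", "route6"):
            continue
        try:
            net = ipaddress.ip_network(value.strip(), strict=True)
        except ValueError:
            continue  # skip malformed entries rather than put them in the alias
        (v4 if net.version == 4 else v6).add(net)
    return _collapse(v4), _collapse(v6)


if __name__ == "__main__":
    ipv4, ipv6 = alias_networks(SAMPLE)
    # One CIDR per line, IPv4 first, then IPv6.
    print("\n".join(ipv4 + ipv6))
```

Collapsing matters here because the registry lists many overlapping and adjacent prefixes for a large AS, and the alias only needs the covering networks. The list also changes over time, so the alias has to be refreshed periodically.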