How Do I Set Up Selective Routing To A VPN?



  • Hello all, new to pfSense and I was able to configure pfSense with OpenVPN using Private Internet Access. So now my entire network is protected by the VPN, but that's what I don't want. What I want is to have it set up so that I can just enter a website or set of IPs on the web UI and have anything connected to the network that's using that website or set of IPs go through the VPN.

    TLDR: Don't want my entire network protected by a VPN, just want to be able to put Skype's IPs on the web UI and any device connected to the network that's using Skype will go through the VPN.

    Very frustrated right now and I have been trying to get this to work for over 4 hours now. Any help would be appreciated. Thanks!



  • At a high level, you'll need to enable the route-nopull directive on your tunnel, so the head end doesn't push out a default route to you.

    After that, you'll need to configure policy based routing in order to route certain traffic down your tunnel.



  • @marvosa:

    At a high level, you'll need to enable the route-nopull directive on your tunnel, so the head end doesn't push out a default route to you.

    After that, you'll need to configure policy based routing in order to route certain traffic down your tunnel.

    Um, how do I do the route-nopull directive thing, and when you say configure policy, that's the Firewall -> Rules tab, right? I'm really new to this.



  • @marvosa:

    At a high level, you'll need to enable the route-nopull directive on your tunnel, so the head end doesn't push out a default route to you.

    After that, you'll need to configure policy based routing in order to route certain traffic down your tunnel.

    Alright thanks, I got the first part working. I added "route-nopull" in the advanced configuration tab and now my traffic isn't going through the VPN. Now the problem is that I can't get sites to use it. I'm currently trying to add http://whatismyipaddress.com/ so I can make sure it works. How do I set this up properly, as I am clearly doing something wrong?



  • @marvosa:

    At a high level, you'll need to enable the route-nopull directive on your tunnel, so the head end doesn't push out a default route to you.

    After that, you'll need to configure policy based routing in order to route certain traffic down your tunnel.

    Never mind, thanks finally got it working. :D



  • @ArcticWolf_11:

    @marvosa:

    At a high level, you'll need to enable the route-nopull directive on your tunnel, so the head end doesn't push out a default route to you.

    After that, you'll need to configure policy based routing in order to route certain traffic down your tunnel.

    Never mind, thanks finally got it working. :D

    How?



  • @Mr.:

    @ArcticWolf_11:

    @marvosa:

    At a high level, you'll need to enable the route-nopull directive on your tunnel, so the head end doesn't push out a default route to you.

    After that, you'll need to configure policy based routing in order to route certain traffic down your tunnel.

    Never mind, thanks finally got it working. :D

    How?

    I added route-nopull in the advanced configuration tab, which made it so that none of the traffic defaulted to the VPN, and then I made an alias which had all the websites that I wanted to use the VPN on. Then I made a rule with that alias and now specific sites go through the VPN! :D



  • Excellent!  Glad it's working!

    Just a quick note, you can also enable the "route-nopull" directive from the GUI:

    It obviously works either way, but I thought I would mention it.
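
The setup the thread arrives at (route-nopull on the client, an alias of destinations, and a rule that sends that alias down the tunnel), sketched as an added example that is not from any poster. The policy-routing half is written in plain pf syntax to show the logic; pfSense builds its own ruleset from the GUI, and every interface name and address below is a constructed placeholder.

```conf
# --- OpenVPN client: custom options in the client's advanced configuration ---
# Ignore routes pushed by the server, including its default route, so the
# tunnel comes up without capturing all traffic.
route-nopull

# --- Policy routing, expressed as plain pf rules (illustration only) ---
# Constructed names: em1 = LAN, ovpnc1 = VPN tunnel interface,
# 10.8.0.1 = tunnel gateway, 192.168.1.0/24 = LAN subnet.
lan_if  = "em1"
lan_net = "192.168.1.0/24"
vpn_if  = "ovpnc1"
vpn_gw  = "10.8.0.1"

# The alias: destinations that must use the VPN. pf matches on addresses,
# so website names placed in an alias only cover the IPs they resolve to.
# 203.0.113.0/24 and 198.51.100.25 are documentation addresses.
table <vpn_sites> persist { 203.0.113.0/24, 198.51.100.25 }

# LAN clients leaving through the tunnel are translated to the tunnel address;
# the VPN provider has no route back to the private LAN subnet.
nat on $vpn_if inet from $lan_net to any -> ($vpn_if)

# Order matters: "quick" makes the first matching rule final, so the alias
# rule has to sit above the general LAN rule.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet from $lan_net to <vpn_sites> keep state

# Everything else from LAN follows the normal routing table (WAN default route).
pass in quick on $lan_if inet from $lan_net to any keep state
```

Because the match is on destination IP, a site served from addresses that are not in the alias leaves through the WAN, so checking with an IP-echo site that is itself in the alias, as done earlier in the thread, confirms only that one destination.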

