Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How Do I Set Up Selective Routing To A VPN?

    Scheduled Pinned Locked Moved OpenVPN
    8 Posts 3 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      Rawr44
      last edited by

      Hello all, new to pfSense and I was able to configure pfSense with OpenVPN using Private internet access. So now my entire network is protected by the VPN, but that's what I don't want. What I want is to have it set up so that I can just enter a website or set of IPs on the web ui and have anything connected to the network that's using that website or set of IPs to go through the VPN.

      TLDR: Don't want my entire network protected by a VPN, just want to be able to put skype's IPs on the web ui and any device connected to the network that's using skype will go through the VPN.

      Very frustrated right now and I have been trying to get this to work for over 4 hours now. Any help would be appreciated. Thanks!

      1 Reply Last reply Reply Quote 0
      • M
        marvosa
        last edited by

        At a high level, you'll need to enable the route-nopull directive on your tunnel, so the head end doesn't push out a default route to you.

        After that, you'll need to configure policy based routing in order to route certain traffic down your tunnel.

        1 Reply Last reply Reply Quote 0
        • R
          Rawr44
          last edited by

          @marvosa:

          At a high level, you'll need to enable the route-nopull directive on your tunnel, so the head end doesn't push out a default route to you.

          After that, you'll need to configure policy based routing in order to route certain traffic down your tunnel.

          Um, how do I do the route-nopull directive thing and when you say configure policy that's the Firewall -> Rules tab right? I'm really new to this.

          1 Reply Last reply Reply Quote 0
          • R
            Rawr44
            last edited by

            @marvosa:

            At a high level, you'll need to enable the route-nopull directive on your tunnel, so the head end doesn't push out a default route to you.

            After that, you'll need to configure policy based routing in order to route certain traffic down your tunnel.

            Alright thanks, I got the first part working. I added "route-nopull" in the advanced configuration tab and now my traffic isn't going through the VPN. Now the problem is that I can't get sites to use it. I'm currently trying to add http://whatismyipaddress.com/ so I can make sure it works. How do I set this up properly as I am clearly doing something wrong.

            1 Reply Last reply Reply Quote 0
            • R
              Rawr44
              last edited by

              @marvosa:

              At a high level, you'll need to enable the route-nopull directive on your tunnel, so the head end doesn't push out a default route to you.

              After that, you'll need to configure policy based routing in order to route certain traffic down your tunnel.

              Never mind, thanks finally got it working. :D

              1 Reply Last reply Reply Quote 0
              • M
                Mr. Jingles
                last edited by

                @ArcticWolf_11:

                @marvosa:

                At a high level, you'll need to enable the route-nopull directive on your tunnel, so the head end doesn't push out a default route to you.

                After that, you'll need to configure policy based routing in order to route certain traffic down your tunnel.

                Never mind, thanks finally got it working. :D

                How?

                6 and a half billion people know that they are stupid, agressive, lower life forms.

                1 Reply Last reply Reply Quote 0
                • R
                  Rawr44
                  last edited by

                  @Mr.:

                  @ArcticWolf_11:

                  @marvosa:

                  At a high level, you'll need to enable the route-nopull directive on your tunnel, so the head end doesn't push out a default route to you.

                  After that, you'll need to configure policy based routing in order to route certain traffic down your tunnel.

                  Never mind, thanks finally got it working. :D

                  How?

                  I added route-nopull in the advanced configuration tab which made it so that none of the traffic defaulted to the VPN and then I made an alias which had all the websites that I wanted to use the VPN on. Then I made a rule with that alias and now specific sites go through the VPN! :D

                  1 Reply Last reply Reply Quote 0
                  • M
                    marvosa
                    last edited by

                    Excellent!  Glad it's working!

                    Just a quick note, you can also enable the "route-nopull" directive from the GUI:

                    It obviously works either way but thought I would mention it.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.