To VPN or not to VPN?



  • Hi

    My current setup is a PC running Win 7 with all traffic going via a pfsense firewall running client openvpn using PureVPN service provider.

    The specific issue that prompted this plea for help is that when I tried to connect to BBC iplayer they detected that I was using a VPN so refused to play ball. Now I am actually UK based so there would be no problem if I wasn't going via a VPN.

    So my query is - Is there a way in which I can specify, when I launch an application, whether it uses the VPN.
    I could add a second network card and either connect to a different subnetwork that is not connected to pfsense, or set some firewall rules that bypassed the vpn (I say that but would have no idea how to actually do that !!).
    The problem would then be how I would specify which network card the application used. Ideally what I would like to be able to do is say launch one copy of Internet Explorer and route it via the VPN and then launch a second copy to use NOT via VPN.

    I think I read that you can bind specific applications to a specific NIC. This may give me a partial solution but is not quite what I am after.

    As an alternative is it possible to conceal the fact that I am using a VPN. I guess that in this instance the BBC recognise the IP address as belonging to my VPN service provider.

    Thanks for any thoughts

    ps If you can help please take into account that I am a total newbie


  • Rebel Alliance Global Moderator

    "I think I read that you can bind specific applications to a specific NIC."

    Good luck with that ;)

    If you want to bypass using your vpn, easy way to do it is based upon policy routing.  So where you want to go bbc iplayer - what is the url you connect to?  I could be as simple as creating an alias putting in the sites you want to go to and using that alias as your dest in rule that send that traffic out your normal wan.

    Depending on the site you may need to do some investigation on what exact networks they use via some CDN in the backgroun that is not really clear in just the url you use to get started, etc.

    Other option to this is to do it the other way around, use your normal wan for most of your access and just send the traffic you want out the vpn - sometimes it is easier this way since sites you want to vpn might be smaller, etc.

    Not sure where you got the idea that applications allow you tie them to specific nic or IP - this is pretty rare in the windows world for sure, and in client applications.  Server applications are more likely allow you to tie them to a specific nic or IP..

    There may be some addons for the browser your using that add this sort of feature..  But to be honest policy routing better solution if you ask me, since then doesn't matter if the application supports it or not.



  • @johnpoz said in To VPN or not to VPN?:

    "I think I read that you can bind specific applications to a specific NIC."

    Good luck with that ;)

    If you want to bypass using your vpn, easy way to do it is based upon policy routing.  So where you want to go bbc iplayer - what is the url you connect to?  I could be as simple as creating an alias putting in the sites you want to go to and using that alias as your dest in rule that send that traffic out your normal wan.

    Depending on the site you may need to do some investigation on what exact networks they use via some CDN in the backgroun that is not really clear in just the url you use to get started, etc.

    Other option to this is to do it the other way around, use your normal wan for most of your access and just send the traffic you want out the vpn - sometimes it is easier this way since sites you want to vpn might be smaller, etc.

    Not sure where you got the idea that applications allow you tie them to specific nic or IP - this is pretty rare in the windows world for sure, and in client applications.  Server applications are more likely allow you to tie them to a specific nic or IP..

    There may be some addons for the browser your using that add this sort of feature..  But to be honest policy routing better solution if you ask me, since then doesn't matter if the application supports it or not.

    Thank you to both of you, I just went online to see if someone is also experiencing the same thing with VPN and I'm happy I found a solution.