Allow single IP through WAN instead of VPN

  • Hello,

    I know this has been asked before but I've been unable to make it happen. Please let me know what I'm doing wrong.

    I'm running pfSense v2.4.1. I used the guide at PIA for setup of my VPN.
    After setup, all of my traffic is routed through the VPN as it should be.
    I created an alias of IPs to bypass the VPN.
    Then I created a NAT rule at the top that passes any traffic from the BYPASS_IPS to the WAN gateway.

    For some reason, these IPs are still getting an IP from the VPN.
    Here is my setup and I'd be happy to provide any other logs/screenshots needed.

    I'm also forwarding ports for Plex and Screens Connect as you'll see.

    Not sure if this is related but I'm getting a bunch of stuff blocked by default LAN rules in the firewall logs? (I don't seem to have any issues reaching the internet or internal servers though.)

    Thanks for any guidance.

  • So I managed to make a little headway but still can't seem to get Netflix to load which is the ultimate goal.

    I added the IP of my Apple TV and another computer to the BYPASSVPN alias.

    Then for some reason the only way I could get it to work was to create a rule to pass any traffic from those IPs through the WAN, but I had to create that rule under the LAN and the PIA interface. If the rule was only under one of them it didn't seem to work right.

    So now when I check my IP from the BYPASS list I get my real WAN IP address. But for some reason Netflix still blocks me. Anyone have any ideas?


  • I have a similar config, however I am using AirVPN instead of PIA and it is working as it should. A single LAN rule should be sufficient.
    Make sure Disable reply-to on WAN rules is UNCHECKED in Advanced->Firewall/NAT.
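The setup the thread is working toward (a bypass alias, outbound NAT for it, a LAN policy-routing rule to the WAN gateway, and port forwards whose replies go back out the WAN) can be written out as a plain pf ruleset, which makes the ordering and the reply-to point visible. The following is an added illustration and is not the ruleset pfSense generates nor any poster's configuration; interface names, gateway addresses, the LAN subnet and the hosts in the alias are assumptions chosen for the example.

```pf
# Added illustrative pf.conf fragment, not pfSense's generated rules and not
# any poster's config. Interface names, gateways, subnet and hosts are assumed.
wan_if  = "em0"
lan_if  = "em1"
vpn_if  = "ovpnc1"
lan_net = "192.168.1.0/24"
wan_gw  = "203.0.113.1"     # assumed WAN next hop (documentation range)
vpn_gw  = "10.8.0.1"        # assumed OpenVPN client gateway

# Equivalent of the BYPASSVPN firewall alias: hosts that must use the WAN.
table <BYPASSVPN> { 192.168.1.50, 192.168.1.51 }

# Outbound NAT (pfSense: manual outbound NAT). Bypass hosts are translated to
# the WAN address; everything else from the LAN is translated to the tunnel
# address. nat rules are first-match, so the bypass entry comes first.
nat on $wan_if from <BYPASSVPN> to any -> ($wan_if)
nat on $vpn_if from $lan_net    to any -> ($vpn_if)

# LAN-side policy routing. Rule order decides the gateway:
#  1. traffic staying inside the LAN is passed without a gateway, so it is
#     never pushed out to the WAN or the tunnel;
#  2. bypass hosts are routed to the WAN gateway and 'quick' stops matching;
#  3. the catch-all sends everyone else into the VPN.
# Because of 2, a single LAN rule is enough; no PIA-interface rule is needed.
pass in quick on $lan_if from $lan_net    to $lan_net keep state
pass in quick on $lan_if from <BYPASSVPN> to any \
    route-to ($wan_if $wan_gw) keep state
pass in quick on $lan_if from $lan_net    to any \
    route-to ($vpn_if $vpn_gw) keep state

# Port forward for Plex (TCP 32400) arriving on the WAN. The reply-to clause
# returns the reply packets through the WAN gateway instead of the system
# default route, which is the tunnel once the VPN is up. This per-rule clause
# is exactly what the "Disable reply-to on WAN rules" option removes, so with
# it disabled the forward accepts the SYN but answers out the VPN and the
# connection never completes.
rdr on $wan_if proto tcp from any to ($wan_if) port 32400 -> 192.168.1.50
pass in quick on $wan_if reply-to ($wan_if $wan_gw) proto tcp \
    from any to 192.168.1.50 port 32400 keep state
```

Two checks follow from the fragment: a host in the alias should show the WAN address from an external "what is my IP" page (as the second poster saw), and a connection to the forwarded port should appear in the state table with the WAN interface on both directions; a state whose reply side is on the tunnel interface is the asymmetric-routing symptom that the reply-to setting fixes.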

