Netgate Discussion Forum
    Allow single IP through WAN instead of VPN

    Category: OpenVPN. 3 Posts, 2 Posters, 821 Views
    mister.e

      Hello,

      I know this has been asked before but I've been unable to make it happen. Please let me know what I'm doing wrong.

      I'm running pfSense v2.4.1. I used the guide at PIA for setup of my VPN.
      After setup, all of my traffic is routed through the VPN as it should be.
      I created an alias of IPs to bypass the VPN.
      Then I created a NAT rule at the top that passes any traffic from the BYPASS_IPS to the WAN gateway.

      For some reason, these IPs are still getting an IP from the VPN.
      Here is my setup and I'd be happy to provide any other logs/screenshots needed.

      I'm also forwarding ports for Plex and Screens Connect as you'll see.

      Not sure if this is related, but I'm getting a bunch of stuff blocked by default LAN rules in the firewall logs? (I don't seem to have any issues reaching the internet or internal servers though.)

      Thanks for any guidance.
      Phil

      [Screenshots attached: mappings.jpg, lanrules.jpg, portforward.jpg, logs.jpg]

      mister.e

        So I managed to make a little headway but still can't seem to get Netflix to load which is the ultimate goal.

        I added the IP of my Apple TV and another computer to the BYPASSVPN alias.

        Then for some reason the only way I could get it to work was to create a rule to pass any traffic from those IPs through the WAN, but I had to create that rule under the LAN and the PIA interface. If the rule was only under one of them it didn't seem to work right.

        So now when I check my IP from the BYPASS list I get my real WAN IP address. But for some reason Netflix still blocks me. Anyone have any ideas?

        Thanks,
        Phil

        amires

          I have a similar config, however I am using AirVPN instead of PIA, and it is working as it should. A single LAN rule should be sufficient.
          Make sure "Disable reply-to on WAN rules" is UNCHECKED in Advanced -> Firewall/NAT.

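The three pieces discussed in this thread (the bypass alias, a single LAN rule that policy-routes it out the WAN, and reply-to on the WAN port-forward rule) written out as a hand-written pf.conf fragment. This is an added illustration, not pfSense's generated ruleset or anything from the posters; interface names, the gateway address, the table members and the forwarded port are assumptions.

```pf
# Constructed pf.conf fragment (FreeBSD pf syntax, as used under pfSense).
# Interface names, addresses and table members are assumed sample values.
wan    = "em0"
lan    = "em1"
wan_gw = "203.0.113.1"     # assumed upstream gateway (documentation range)
ovpn   = "ovpnc1"          # assumed OpenVPN client interface

# The BYPASSVPN alias becomes a pf table of hosts that must use the real WAN.
table <BYPASSVPN> { 192.168.1.50, 192.168.1.51 }   # constructed sample hosts

# Translation rules first (pf requires nat/rdr before filter rules).
# Outbound NAT is needed on BOTH exits: the WAN and the tunnel interface.
nat on $wan  from $lan:network to any -> ($wan)
nat on $ovpn from $lan:network to any -> ($ovpn)

# Port forward for Plex (port assumed); the matching pass rule is below.
rdr on $wan proto tcp from any to ($wan) port 32400 -> 192.168.1.50 port 32400

# Policy route: hosts in the alias leave via the WAN gateway. `quick` stops
# evaluation so the catch-all LAN rule never pushes them into the tunnel.
# Rule order matters: this must sit above any rule that sends LAN out the VPN.
pass in quick on $lan from <BYPASSVPN> to any route-to ($wan $wan_gw) keep state

# Everything else from LAN follows the default route, i.e. the VPN tunnel.
pass in on $lan from $lan:network to any keep state

# reply-to pins return traffic for WAN-side connections to the WAN gateway.
# Without it, replies follow the default route into the tunnel and the
# forwarded service never answers. pfSense adds reply-to itself unless
# "Disable reply-to on WAN rules" is checked, which is the setting amires names.
pass in on $wan reply-to ($wan $wan_gw) proto tcp from any to 192.168.1.50 port 32400 keep state
```

Check the active state and rule ordering with `pfctl -sr` and `pfctl -ss` on the console; the bypass rule should appear before the catch-all LAN rule and its states should show the WAN interface.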