How do I allow a website that is blocking my VPN
-
There is one particular website that I can not access while my traffic is routed through my VPN service. Is it possible to create a 'rule' that allows access to that one website through by default ISP WAN?
Thanks
-
Yeah create a rule that forces the traffic out your wan gateway if your not using policy routing. If your using policy routing for your vpn just put a rule above where you send traffic to your vpn above that allows traffic to that website IP(s)
-
Yeah create a rule that forces the traffic out your wan gateway if your not using policy routing. If your using policy routing for your vpn just put a rule above where you send traffic to your vpn above that allows traffic to that website IP(s)
I setup PIA over a year ago using this guide from the forum:
https://forum.pfsense.org/index.php?topic=76015.0
After that I managed to get my box to route only specified LAN IPs to the VPN via a rule in Firewall/Rules/LAN called IPs_via_VPN with a lot of help from forum users in this thread:
https://forum.pfsense.org/index.php?topic=116626.0
It has worked almost without flaw until one bank website started to block PIA. Trying to visit the site through VPN returns 'This site can’t be reached
xyzbank.com’s server IP address could not be found.
-
Post up your rules… Not going to read threads to find what exactly... Your first thread is 24 pages long. Your 2nd thread I have quite a few posts in there.. But they are well over a year ago.
Without seeing your rules - in general, create an alias and put your xyzbank.com fqdn in the alias and use that as dest allowing before you force stuff out your PIA connection.
-
There is one particular website that I can not access while my traffic is routed through my VPN service. Is it possible to create a 'rule' that allows access to that one website through by default ISP WAN?
Thanks
You can try something like that
-
-
yes, above the rules with the VPN gateway.
to check you can enter an URL like ipleak.net in the used alias. here it works.
-
yes, above the rules with the VPN gateway.
to check you can enter an URL like ipleak.net in the used alias. here it works.Does this look right? I created an alias. It works for the ipleak.net test, but not for the bank I am trying to access.
-
looks good except that Protocol in my rule is set as Any, not TCP
-
looks good except that Protocol in my rule is set as Any, not TCP
I changed that, still no luck with the bank. Should I be using something besides the FQDN of the bank? If I go to www.bank.com and click login, I am directed to https://secure.bank.com
I put both bank.com and secure.bank.com in the HOST field on the Alias page.
-
Sorry mate, I have no idea. Last chance is a guru's tip.
-
Sorry mate, I have no idea. Last chance is a guru's tip.
Thanks! I always appreciate your help!
-
Post up your rules… Not going to read threads to find what exactly... Your first thread is 24 pages long. Your 2nd thread I have quite a few posts in there.. But they are well over a year ago.
Without seeing your rules - in general, create an alias and put your xyzbank.com fqdn in the alias and use that as dest allowing before you force stuff out your PIA connection.
I think my issue is with the fqdn for the bank. The test works with ipleak.net (and similiar sites) but when I change that to xyzbank.com (and secure.xyzbank.com) it is not working. Should I be using another approach besides the fqdn for an institution like xyzbank ?
thx
-
what is the bank fqdn… Did you validate that it resolves and is in the table for your alias?
Why would you need to hide the fqdn of some bank... That is like not wanting to post this website I search for stuff on is www.google.com -- but keep that on the DL ;)
For example I bank with chase, they are www.chase.com, but that is also a cname... See
;; QUESTION SECTION:
;www.chase.com. IN A;; ANSWER SECTION:
www.chase.com. 3571 IN CNAME wwwbcchase.gslb.bankone.com.
wwwbcchase.gslb.bankone.com. 3571 IN A 159.53.84.126and then might get redirected to some other fqdn in your browser, etc.. So you need to validate that your alias is populating with the IP your actually going to, etc.
-
what is the bank fqdn… Did you validate that it resolves and is in the table for your alias?
Why would you need to hide the fqdn of some bank... That is like not wanting to post this website I search for stuff on is www.google.com -- but keep that on the DL ;)
For example I bank with chase, they are www.chase.com, but that is also a cname... See
;; QUESTION SECTION:
;www.chase.com. IN A;; ANSWER SECTION:
www.chase.com. 3571 IN CNAME wwwbcchase.gslb.bankone.com.
wwwbcchase.gslb.bankone.com. 3571 IN A 159.53.84.126and then might get redirected to some other fqdn in your browser, etc.. So you need to validate that your alias is populating with the IP your actually going to, etc.
I should have asked if it was ok to name the bank in question, which is Bank of America.
I was not able to validate that it resolves, in the table I put bankofamerica.com and secure.bankofamerica.com for the fqdn.
The bookmark I have in my browser is my login page - secure.bankofamerica.com/myaccount/etc - I got that bookmark by going to www.bankofamerica.com and using the link to login.
When I ping bankofamerica.com it returns IP 171.161.203.100 … should I be using that instead of a fqdn in the alias table?
Thanks!
