Netgate Discussion Forum

    How do I allow a website that is blocking my VPN

    OpenVPN
      cobrahead

      There is one particular website that I can not access while my traffic is routed through my VPN service. Is it possible to create a 'rule' that allows access to that one website through my default ISP WAN?

      Thanks

      "PERFECTION IS THE ENEMY OF PERFECTLY ADEQUATE."

        johnpoz LAYER 8 Global Moderator

        Yeah create a rule that forces the traffic out your wan gateway if you're not using policy routing. If you're using policy routing for your vpn just put a rule above where you send traffic to your vpn that allows traffic to that website IP(s)

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          cobrahead

          @johnpoz:

          Yeah create a rule that forces the traffic out your wan gateway if you're not using policy routing. If you're using policy routing for your vpn just put a rule above where you send traffic to your vpn that allows traffic to that website IP(s)

          I set up PIA over a year ago using this guide from the forum:

          https://forum.pfsense.org/index.php?topic=76015.0

          After that I managed to get my box to route only specified LAN IPs to the VPN via a rule in Firewall/Rules/LAN called IPs_via_VPN with a lot of help from forum users in this thread:

          https://forum.pfsense.org/index.php?topic=116626.0

          It has worked almost without flaw until one bank website started to block PIA. Trying to visit the site through VPN returns 'This site can’t be reached
          xyzbank.com’s server IP address could not be found.'

            johnpoz LAYER 8 Global Moderator

            Post up your rules… Not going to read threads to find what exactly... Your first thread is 24 pages long.  Your 2nd thread I have quite a few posts in there..  But they are well over a year ago.

            Without seeing your rules - in general, create an alias and put your xyzbank.com fqdn in the alias and use that as dest allowing before you force stuff out your PIA connection.

              mauroman33

              @cobrahead:

              There is one particular website that I can not access while my traffic is routed through my VPN service. Is it possible to create a 'rule' that allows access to that one website through my default ISP WAN?

              Thanks

              You can try something like that

              example.png

                cobrahead

                @mauroman33:

                You can try something like that

                Should it go on top of other rules?

                rules.JPG

                  mauroman33

                  Yes, above the rules with the VPN gateway.
                  To check, you can enter a URL like ipleak.net in the used alias. Here it works.

                    cobrahead

                    @mauroman33:

                    Yes, above the rules with the VPN gateway.
                    To check, you can enter a URL like ipleak.net in the used alias. Here it works.

                    Does this look right? I created an alias. It works for the ipleak.net test, but not for the bank I am trying to access.

                    alias.JPG
                    rules.JPG
                    rule1.JPG

                      mauroman33

                      looks good except that Protocol in my rule is set as Any, not TCP

                        cobrahead

                        @mauroman33:

                        looks good except that Protocol in my rule is set as Any, not TCP

                        I changed that, still no luck with the bank. Should I be using something besides the FQDN of the bank? If I go to www.bank.com and click login, I am directed to https://secure.bank.com

                        I put both bank.com and secure.bank.com in the HOST field on the Alias page.

                          mauroman33

                          Sorry mate, I have no idea. Last chance is a guru's tip.

                            cobrahead

                            @mauroman33:

                            Sorry mate, I have no idea. Last chance is a guru's tip.

                            Thanks! I always appreciate your help!

                              cobrahead

                              @johnpoz:

                              Post up your rules… Not going to read threads to find what exactly... Your first thread is 24 pages long.  Your 2nd thread I have quite a few posts in there..  But they are well over a year ago.

                              Without seeing your rules - in general, create an alias and put your xyzbank.com fqdn in the alias and use that as dest allowing before you force stuff out your PIA connection.

                              I think my issue is with the fqdn for the bank. The test works with ipleak.net (and similar sites) but when I change that to xyzbank.com (and secure.xyzbank.com) it is not working. Should I be using another approach besides the fqdn for an institution like xyzbank?

                              thx

                                johnpoz LAYER 8 Global Moderator

                                what is the bank fqdn… Did you validate that it resolves and is in the table for your alias?

                                Why would you need to hide the fqdn of some bank... That is like not wanting to post this website I search for stuff on is www.google.com -- but keep that on the DL ;)

                                For example I bank with chase, they are www.chase.com, but that is also a cname...  See

                                ;; QUESTION SECTION:
                                ;www.chase.com.                IN      A

                                ;; ANSWER SECTION:
                                www.chase.com.          3571    IN      CNAME  wwwbcchase.gslb.bankone.com.
                                wwwbcchase.gslb.bankone.com. 3571 IN    A      159.53.84.126

                                and then might get redirected to some other fqdn in your browser, etc.. So you need to validate that your alias is populating with the IP you're actually going to, etc.

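Added example (not part of the thread and not pfSense code): a Python check for the validation johnpoz describes above. It follows the CNAME chain in `dig` answer lines and confirms that the final address is covered by the alias table as printed by `pfctl -t <alias> -T show`. The table contents, the 192.0.2.0/28 entry and the function names are constructed for illustration; the dig lines are the ones quoted in the post.

```python
import ipaddress

# dig answer lines as quoted in the post above.
DIG_ANSWER = """\
www.chase.com.          3571    IN      CNAME  wwwbcchase.gslb.bankone.com.
wwwbcchase.gslb.bankone.com. 3571 IN    A      159.53.84.126
"""
# Constructed sample of `pfctl -t <alias> -T show` output.
PF_TABLE = """\
   159.53.84.126
   192.0.2.0/28
"""

def parse_answers(text):
    """Return {owner: [(rtype, rdata), ...]} from dig answer lines."""
    records = {}
    for line in text.splitlines():
        f = line.split()
        # Skip blanks, ';' comment/question lines and anything not class IN.
        if len(f) < 5 or f[0].startswith(";") or f[2] != "IN":
            continue
        owner = f[0].rstrip(".").lower()
        records.setdefault(owner, []).append((f[3], f[4].rstrip(".").lower()))
    return records

def resolve_chain(name, records, max_hops=8):
    """Follow CNAMEs from name; return (names visited, final addresses)."""
    chain, current = [], name.rstrip(".").lower()
    for _ in range(max_hops):  # bounded, so a CNAME loop cannot hang the check
        chain.append(current)
        rrs = records.get(current, [])
        addrs = [r for t, r in rrs if t in ("A", "AAAA")]
        if addrs:
            return chain, addrs
        cnames = [r for t, r in rrs if t == "CNAME"]
        if not cnames:
            break
        current = cnames[0]
    return chain, []

def missing_from_table(addrs, table_text):
    """Addresses not covered by any host or network entry in the pf table."""
    nets = [ipaddress.ip_network(l.strip(), strict=False)
            for l in table_text.splitlines() if l.strip()]
    return [a for a in addrs
            if not any(ipaddress.ip_address(a) in n for n in nets)]

def check(name, dig_text, table_text):
    chain, addrs = resolve_chain(name, parse_answers(dig_text))
    return {"chain": chain, "addresses": addrs,
            "missing": missing_from_table(addrs, table_text)}
```

A non-empty `missing` list means the pass rule above the VPN rule will not match that destination, so the traffic still leaves through the VPN gateway; repeat the check for every hostname the browser is redirected to.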
                                  cobrahead

                                  @johnpoz:

                                  what is the bank fqdn… Did you validate that it resolves and is in the table for your alias?

                                  Why would you need to hide the fqdn of some bank... That is like not wanting to post this website I search for stuff on is www.google.com -- but keep that on the DL ;)

                                  For example I bank with chase, they are www.chase.com, but that is also a cname...  See

                                  ;; QUESTION SECTION:
                                  ;www.chase.com.                IN      A

                                  ;; ANSWER SECTION:
                                  www.chase.com.          3571    IN      CNAME  wwwbcchase.gslb.bankone.com.
                                  wwwbcchase.gslb.bankone.com. 3571 IN    A      159.53.84.126

                                  and then might get redirected to some other fqdn in your browser, etc.. So you need to validate that your alias is populating with the IP you're actually going to, etc.

                                  I should have asked if it was ok to name the bank in question, which is Bank of America.

                                  I was not able to validate that it resolves, in the table I put bankofamerica.com and secure.bankofamerica.com for the fqdn.

                                  The bookmark I have in my browser is my login page - secure.bankofamerica.com/myaccount/etc - I got that bookmark by going to www.bankofamerica.com and using the link to login.

                                  When I ping bankofamerica.com it returns IP 171.161.203.100 … should I be using that instead of a fqdn in the alias table?

                                  Thanks!

                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.