    I recently set up an OpenVPN client on my pfSense router and all my LAN traffic is going through that VPN gateway. However, that created a problem with my Apple TV, Netflix in particular.

    I tried creating a new LAN rule to route traffic for the Apple TV IP to the WAN gateway, and I created an outbound NAT rule for that IP, but it's not working… What am I missing? Can this be done, to route all traffic to the VPN except one IP?

    That should work. A policy rule on LAN that catches all traffic from the Apple TV device and routes it via the default gateway is what I would do there.

    The rule must be above whatever rule is catching traffic for the VPN.

    Can we see a screenshot of the LAN rules?

    You should not need a specific outbound NAT rule for that. The default rules will NAT all traffic from the LAN leaving through the WAN to the WAN interface address anyway.


  • Funny, YouTube on the Apple TV works but Netflix still complains that it cannot resolve. Here is the image of the LAN rules: [attachment: LAN.PNG]

    Your second firewall rule tells me that on the LAN interface there is a device with alias APPLEID.
    The LAN interface never receives any "IPv4 - TCP" packets from this device.
    The rule is never applied.

    I would have done this:
    test: Is the alias correct? Are you sure?? (Be careful: this one is nasty. Maybe the Apple TV is using IPv6, because it is very capable of doing so, and I bet your alias is not covering any IPv6.)
    test: Is the device using TCP? Can it be UDP? You limited it to "TCP only". Why?
    test: Is the alias OK? (Is the Apple TV using this IP?)

    Yes, you probably want protocol 'any' there, not just TCP.


  • So the Apple TV is using a static IP and IPv6 is disabled on the network, so I am sure the alias is right. I changed the protocol to any. Traffic is going, but it times out. Here are the screenshots: [attachments: LAN.PNG, traffic.PNG]

  • Reset the state table to flush out any 'old' references that failed.

    Use the network check tool present in your Apple thing and see if it is happy now.

  • :( Done the reset, cleared all tables, but Netflix still hangs when trying to play something.

    But other things do work?

    You may have a DNS issue. If you are passing the pfSense LAN IP to the Apple TV to use for DNS (it looks like you are), it may be leaving from a different WAN. Netflix uses the DNS source, among other things, to determine if you're using a VPN.
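As an added illustration (not part of any post in this thread, and not pfSense's own generated ruleset) of the two points made above, the rule ordering in the first reply and the DNS-path caveat in the reply just before this: an approximation of the pf rules pfSense writes to /tmp/rules.debug for such a LAN policy. Interface names, the gateway addresses and the Apple TV address are assumptions (RFC 5737 / RFC 1918 documentation and private ranges); substitute your own.

```pf
# Assumed names and addresses, not taken from the thread.
lan_if  = "em1"
wan_if  = "em0"
ovpn_if = "ovpnc1"
wan_gw  = "203.0.113.1"
ovpn_gw = "10.8.0.1"
appletv = "192.168.1.50"

# 1. The exception comes FIRST. 'quick' stops evaluation at the first match,
#    so this rule must sit above the catch-all VPN rule or it never fires.
#    No 'proto' restriction: a 'proto tcp' rule would miss the Apple TV's
#    UDP DNS queries and leave them on the VPN path.
pass in quick on $lan_if route-to ($wan_if $wan_gw) inet from $appletv to any keep state

# 2. Everything else from LAN is policy-routed into the OpenVPN tunnel.
pass in quick on $lan_if route-to ($ovpn_if $ovpn_gw) inet from $lan_if:network to any keep state

# 3. No extra outbound NAT rule is needed for the exception: the automatic
#    outbound NAT already translates LAN sources leaving via either interface.
nat on $wan_if  inet from $lan_if:network to any -> ($wan_if)
nat on $ovpn_if inet from $lan_if:network to any -> ($ovpn_if)
```

Caveat on the DNS point: rule 1 only steers traffic that the firewall forwards. A DNS query the Apple TV sends to the pfSense LAN address is delivered to the firewall itself, and the resolver's upstream queries then originate from the firewall and follow the system routing table, not this route-to rule. That is how the streaming traffic and its DNS lookups can leave from different paths; pointing the Apple TV at an external resolver makes its DNS queries forwarded traffic that rule 1 does match.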


  • Yes, other things work. A DNS issue might make sense. Do you think setting up DNS, like on the Apple TV, would solve the DNS issue?

  • It works with Google DNS set manually on the Apple TV. Thanks for your help, guys!

