Bypass VPN by port, not IP
  • My pfSense appliance is configured with a VPN client to route the majority of my traffic over it.

    I bypass the VPN for AWS, Netflix, and Plex, but I do this using IP/Hostname. I would like to specify traffic to bypass the VPN by port. Is this possible?

    I tried to configure the firewall rules for the LAN interface to do this:
    [screenshot: LAN interface firewall rules]

    But it does not seem to be working. Is there something else I might be missing?



  • Move that rule on top of the greyed-out rules below the anti-lockout.
    There's probably another rule catching the traffic already.


  • Netgate

    And you almost never need to set a source port. It is almost always a mistake.



  • @derelict said in Bypass VPN by port, not IP:

    And you almost never need to set a source port. It is almost always a mistake.

    I think this is a good call. I am going to try removing the source port and see if it makes a difference. If it still doesn't then I will move it above the other rules, but that shouldn't be the problem since the other rules are for AWS/Netflix and my Plex server.


  • Netgate

    The most-specific rules should generally be at the top to prevent something more general from matching first.
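The two points made in the replies (pinning a source port is almost always a mistake, and the specific rule has to sit above the general one because the first match wins) as an added example that is not from the thread or from pfSense itself: a small first-match rule evaluator in Python. The rule names, the gateway tags `WAN_GW`/`VPN_GW`, the client's ephemeral port and the use of Plex's default port 32400 are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    dst_port: Optional[int] = None   # None = any destination port
    src_port: Optional[int] = None   # None = any source port
    gateway: str = "default"         # policy-routing gateway the match is sent to

# Assumed semantics: rules on an interface are evaluated top-down and the
# first matching rule decides (pfSense generates its rules as "quick" rules).
def first_match(rules, src_port, dst_port):
    for r in rules:
        if r.src_port is not None and r.src_port != src_port:
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        return r
    return None

def route_for(rules, src_port, dst_port):
    """Gateway a new flow with these ports is policy-routed to."""
    r = first_match(rules, src_port, dst_port)
    return r.gateway if r else "default"

PLEX = 32400  # Plex's default port (constructed scenario)

# Mistake 1: source port pinned to the service port. A client never uses
# 32400 as its source port; it picks an ephemeral port, so the rule never hits.
bad_src_port = [Rule("plex-bypass", src_port=PLEX, dst_port=PLEX, gateway="WAN_GW"),
                Rule("all-to-vpn", gateway="VPN_GW")]

# Mistake 2: ports are right, but the catch-all sits above the specific rule.
bad_order = [Rule("all-to-vpn", gateway="VPN_GW"),
             Rule("plex-bypass", dst_port=PLEX, gateway="WAN_GW")]

# Fixed: match on destination port only, and place the specific rule first.
fixed = [Rule("plex-bypass", dst_port=PLEX, gateway="WAN_GW"),
         Rule("all-to-vpn", gateway="VPN_GW")]

if __name__ == "__main__":
    for label, rs in (("bad_src_port", bad_src_port), ("bad_order", bad_order), ("fixed", fixed)):
        # constructed flow: client ephemeral port 51234 -> Plex on 32400
        print(label, "->", route_for(rs, src_port=51234, dst_port=PLEX))
```

Only the `fixed` set sends the Plex flow out `WAN_GW`; the other two fall through to (or are caught first by) the VPN catch-all, which is the symptom described in the question.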