Policy Based Routing


  • Galactic Empire

    Just created a couple of NordVPN OpenVPN tunnels and set up a Gateway group.

    Am I correct in stating my non VPN routed networks needs to be set up like this:-

    0_1549021752698_Screenshot 2019-02-01 at 11.42.54.png

    Where h_ip_local = my local subnets excluding the Nord routed network.

    0_1549021827444_Screenshot 2019-02-01 at 11.47.30.png

    Everything seems to be working fine, first go at multi WAN & policy based routing :)


  • LAYER 8 Netgate

    You essentially have two choices when dealing with an OpenVPN provider "WAN."

    1. DO NOT check Don't pull routes in the OpenVPN client configuration and policy route the traffic you DO NOT WANT to go over the VPN.

    2. DO check Don't pull routes in the OpenVPN client configuration and policy route the traffic you DO WANT to go over the VPN.

    I generally prefer option 2 but that presents problems if you do not understand the ramifications of the fact that connections originating FROM THE FIREWALL ITSELF cannot easily be policy routed.


Log in to reply