OpenVPN - Single Web Site



  • Hi Guys. Please move if in wrong forum.

    I have my pfSense box up and running. I have set up OpenVPN using IPVanish. I have successfully set it up so that only the machines that I want to go out via OpenVPN can, and everything else goes out via the normal WAN.

    Is it possible, say, that if any machine on my LAN side goes to www.somedomain.com it goes out via the OpenVPN and not the standard WAN? I don't want everything to go out via OpenVPN, just select websites.

    Thanks in advance for any help you can give me.


  • LAYER 8 Rebel Alliance

    Anything you can match into some Firewall Rule can be used to Policy Route out your VPN Gateway.
    The problem here is that nowadays most Websites are not just one Server IP behind one Domain - they use Content Delivery Networks or clustered Servers with many IPs.
    It is possible but for most sites only with a lot of poking around. ;-)

    -Rico


  • LAYER 8 Global Moderator

    Yeah Rico hit it on the head.. Where you can run into problems is when the site could be really any IP owned by the CDN it's being hosted on.. So the specific IP you use could change all the time..

    And some of these have TTLs as short as 60 seconds for example... So when the filterdns process runs (every 5 minutes by default) that populates your alias for www.somedomain.com you get IP 1.2.3.4... But then 3 minutes later your client wants to go there and you get 4.5.6.7 which is not in your alias.

    Even if you put in the whole swath of IPs that are owned by the CDN.. you now get sites that you might not want going through the VPN since they are hosted on the same CDN, etc.

    So while yes you can do it.. Be aware that there could be complications based upon whether that FQDN is hosted on a CDN..
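The two replies above describe a check worth making before building a policy-routing rule on an FQDN alias: how many addresses the name resolves to, and whether its TTL is shorter than the interval at which the alias table is refreshed. The script below is an added example, not code from the thread or from pfSense. It parses a constructed `dig +noall +answer`-style answer section, reports the addresses an alias would hold and the shortest TTL in the CNAME chain, and then simulates a resolver that rotates through several IPs every TTL seconds against an alias refreshed every 300 seconds (the 5-minute default mentioned above), counting how many client connections would land on an IP the alias does not contain. The rotation behaviour and the sample records are assumptions chosen to illustrate the CDN case, not measurements of any real site.

```python
"""Gauge whether an FQDN alias can keep up with a CDN-hosted site.

Added example for the thread above; not pfSense code. Sample DNS output
and the resolver rotation model are constructed for illustration.
"""
import re

# Constructed sample of a `dig +noall +answer www.somedomain.com` answer
# section: a short-TTL CNAME pointing at a two-address CDN edge.
SAMPLE_DIG_OUTPUT = """\
www.somedomain.com.   60   IN  CNAME  edge.example-cdn.net.
edge.example-cdn.net. 45   IN  A      198.51.100.10
edge.example-cdn.net. 45   IN  A      198.51.100.11
"""

# name, ttl, class IN, type, rdata (only the record types we care about)
ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA|CNAME)\s+(\S+)$")

FILTERDNS_DEFAULT_REFRESH = 300  # seconds; the "every 5 minutes" in the thread


def parse_dig_answers(text):
    """Return (name, ttl, rtype, rdata) tuples from dig answer-section lines."""
    records = []
    for line in text.splitlines():
        match = ANSWER_RE.match(line.strip())
        if match:
            name, ttl, rtype, rdata = match.groups()
            records.append((name, int(ttl), rtype, rdata))
    return records


def alias_summary(records):
    """Addresses the alias would be populated with, and the shortest TTL
    anywhere in the chain (a CNAME with a short TTL limits the whole answer)."""
    addrs = sorted(r[3] for r in records if r[2] in ("A", "AAAA"))
    min_ttl = min((r[1] for r in records), default=None)
    return addrs, min_ttl


def alias_is_reliable(min_ttl, refresh=FILTERDNS_DEFAULT_REFRESH):
    """An alias refreshed every `refresh` seconds can only be trusted to
    track a name whose answers live at least that long."""
    return min_ttl is not None and min_ttl >= refresh


def simulate_alias_staleness(rotation, ttl, refresh=FILTERDNS_DEFAULT_REFRESH,
                             horizon=3600, step=60):
    """Model clients connecting every `step` seconds for `horizon` seconds.

    `rotation` is the list of IPs the resolver hands out; it advances to the
    next IP every `ttl` seconds (assumed CDN-style rotation). The alias is
    rebuilt from the current answer every `refresh` seconds.
    Returns (hits, misses): connections whose destination was / was not in
    the alias at that moment, i.e. was / was not policy-routed into the VPN.
    """
    hits = misses = 0
    alias = set()
    last_refresh = None
    for t in range(0, horizon, step):
        current_ip = rotation[(t // ttl) % len(rotation)]
        if last_refresh is None or t - last_refresh >= refresh:
            alias = {current_ip}   # filterdns-style repopulation
            last_refresh = t
        if current_ip in alias:
            hits += 1
        else:
            misses += 1
    return hits, misses


if __name__ == "__main__":
    records = parse_dig_answers(SAMPLE_DIG_OUTPUT)
    addrs, min_ttl = alias_summary(records)
    print("alias would contain:", addrs)
    print("shortest TTL in chain:", min_ttl,
          "-> reliable:" , alias_is_reliable(min_ttl))
    # Constructed CDN pool rotating every 60 s versus a 300 s alias refresh.
    pool = ["203.0.113.1", "203.0.113.2", "203.0.113.3", "203.0.113.4"]
    print("60 s TTL, 4-IP pool (hits, misses):",
          simulate_alias_staleness(pool, ttl=60))
    print("1 h TTL, single IP (hits, misses):",
          simulate_alias_staleness(["203.0.113.1"], ttl=3600))
```

Run it with real `dig` output pasted into `SAMPLE_DIG_OUTPUT` to see whether the site's TTL is shorter than the alias refresh interval; if it is, the simulation gives a feel for how much traffic would slip out the normal WAN instead of the VPN, which is the failure mode described in the reply above.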

