Selective routing not working
-
This is my configuration however everything seems to go through the VPN and it doesnt avoid my preset destinations
-
Please use the 'Upload Image' button.
Most people includung me don't want to follow external unknown URLs...-Rico
-
This post is deleted!
-
Make sure to check the "Don't pull routes" Option in your OpenVPN Client Configuration.
-Rico
-
@Rico it is checked
-
Well you have traffic flowing via your WAN_DHCP Gateway, it shows 4.59 GiB for GamingIPS.
What exactly is the problem?-Rico
-
Well when I try to download a game through steam which gaming ips is all of steams URLs it still uses the VPN or when I go on Netflix it still says I'm using a proxy
-
Check the States an if the Steam IP is in your Alias or not, maybe you are missing something there.
-Rico
-
I do I even got a test one set up to avoid vpn but whever I go on speed test it still shows vpn ip
-
you see when I download somthing it all goes through the VPN
-
A proper whitelisting is much harder then just put the website URL into some Alias...
For example, the IP for speedtest.net has zero to with the target IP of the server which is performing the speedtest. Let's see...nslookup speedtest.net Name: speedtest.net Addresses: 151.101.194.219 151.101.2.219 151.101.66.219 151.101.130.219Now let's do the speedtest and check which IP we hit.
The problem is, of course we could just add 185.60.197.7 into our Alias...but the next speedtest would probably hit any other IP.
If the website owner has no public documentation of all IP ranges they use it is almost impossible to catch alle their servers.-Rico
-
@Rico I understand your point for speed test however why does it not work for ports and steam as that is done through DNS
like why is 100% of my traffic going through the VPN when I look at the graphs
-
Show your Port alias and states so we can check.
-Rico
-
@Rico Sure
-
This does not look like a big download and is mostly https (443) traffic not hitting your Rule.
-Rico
-
@Rico so what should I do add port 80 adnd 443 to the rule ?
-
Here is a (hopefully) complete list containing all Valve Servers: https://bgp.he.net/AS32590#_prefixes
Create an Alias for it with all Prefixes and move the Firewall Rule on top, delete your other Rules.-Rico
-
@Rico Yeah About that my pfsense kinda crashed after I put it all in cus theres a limit of 5000 hosts per alias but thats far more I mean the first 10 ips hit that limit and theres 30 so ill need to make like 6 aliases for it
-
You add the networks as they are reported in the List, not single host.
-Rico
-
@Rico said in Selective routing not working:
add the networks as they are reported in
Hahah no wonder were running out of IPv4 when companies like steam are ussing them like internal Ips
-
@Rico oh my gosh thank you so much it now bypasses steam and the downloads are rapid, So to do this bypass for netflix would I need to find their Ips aswell ?
Cus they got allot more some Ipv6 do you know a fast way to import them ?
also how can I check if my port bypasses are working and some games use 80 and 443 as there ports so how would I vpn bypass those without literally vpn bypassing every site?
sorry for so many questions and thanks for the help
-
Well you can also use the import function.
Port 80 and 443 is http and https, not possible to exclude only games by these ports.
Depending on the goal you try to accomplish, maybe it is better and even easier to build the setup to have your WAN_DHCP as default and create the Rules for stuff you want to send out via VPN?-Rico
-
@Rico Yeah I agree however what I want to use the VPN is torrenting and web browsing so it easier to bypass other things rather than chose the ones I want
-
Hmmm personally I would never send out any of my Web traffic through some VPN provider.
For example, if I login to my bank account, Paypal or even stuff like amazon...I don't want to send this kind of traffic to any third parties even if it is encrypted.-Rico
-
@Rico said in Selective routing not working:
gin to my bank account, Paypal or even stuff like amazon...I don't want to send this k
Yeah thats true
-
So a option could be to use one machine for your regular stuff, working, steam, netflix, ... and another machine for anything you want to exit out the VPN by source IP, torrent and websites you browse with this machine.
This second machine could be either physical or virtual.-Rico
