    Solved: How to import many (changing) routes into pfSense?

      soupdiver

      I have kind of an "interesting" issue with my ISP. They have peering issues and I have to work around this. The issue exists with things exclusively hosted on AWS US East, e.g. GitHub.

      I have set up an OpenVPN connection to a friend's Sophos and can send specific routes through the VPN. The issue is that there are quite a few routes for that region and they are changing. AWS provides an API that returns the networks.

      Is there a "native" way to script those things or hook into pfSense another way? Adding all those routes by hand via the web UI is no real option.

        heper @soupdiver

        @soupdiver

        Wouldn't it be easier to just put all the IPs of AWS EAST in an alias & policy route it through the OpenVPN?

          johnpoz LAYER 8 Global Moderator @heper

          ^ Exactly! Take all the networks for wherever your ISP is having issues and just policy route those out this VPN connection you have.

          If the IPs/networks are available via a URL, you can just have the URL table update every X days as well.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

            stephenw10 Netgate Administrator

            pfBlocker might be able to do that for you if the API is simple enough. It can use AS numbers for example.

              soupdiver

              > @soupdiver
              >
              > wouldn't it be easier to just put all the IPs of AWS EAST in an alias & policy route it through the OpenVPN?

              Yeah, it seems so 😁
              I had to look up policy routing but this works nicely.
              I will write a lil script which formats the AWS API response in a way pfSense will understand it and then I should be done. Thanks!
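
A sketch of the formatting step discussed in this thread, added here as an example and not code from any of the posters or from pfSense: it reduces a document in the layout of AWS's published `ip-ranges.json` to one CIDR per line, the plain-text form a URL table alias reads. The helper name, the `us-east-1` region default and the sample data are assumptions.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's ip-ranges.json. The prefixes are
# documentation ranges, not real AWS networks.
SAMPLE = json.dumps({
    "syncToken": "0",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/25", "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "192.0.2.128/25", "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "192.0.2.0/25", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "AMAZON"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8::/32", "region": "us-east-1", "service": "AMAZON"},
    ],
})


def aws_ranges_to_alias(raw_json, regions=("us-east-1",), include_ipv6=False):
    """Return one CIDR per line for the given regions (hypothetical helper)."""
    doc = json.loads(raw_json)
    v4, v6 = [], []
    for entry in doc.get("prefixes", []):
        if entry.get("region") in regions:
            # IPv4Network() raises ValueError on anything that is not a clean
            # CIDR, so a malformed entry never reaches the firewall table.
            v4.append(ipaddress.IPv4Network(entry["ip_prefix"]))
    if include_ipv6:
        for entry in doc.get("ipv6_prefixes", []):
            if entry.get("region") in regions:
                v6.append(ipaddress.IPv6Network(entry["ipv6_prefix"]))
    if not v4 and not v6:
        # An empty list would silently stop policy routing from matching,
        # so fail and let the caller keep the previously published file.
        raise ValueError("no prefixes matched; keep the previous list")
    # The same prefix is listed once per service; collapse_addresses() drops
    # duplicates and merges adjacent networks into the smallest set.
    merged = list(ipaddress.collapse_addresses(v4))
    merged += list(ipaddress.collapse_addresses(v6))
    return "\n".join(str(net) for net in merged) + "\n"


if __name__ == "__main__":
    print(aws_ranges_to_alias(SAMPLE), end="")
```

The output would be written to a file served over a URL that the alias fetches; write it to a temporary file and rename it so pfSense never reads a half-written list.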
