Solved: How to import many (changing) routes into pfSense?
-
I have kind of an "interesting" issue with my ISP. They have peering issues and I have to work around this. The issue exists with things exclusively hosted on AWS US East, e.g. GitHub.
I have set up an OpenVPN connection to a friend's Sophos and can send specific routes through the VPN. The issue is that there are quite a few routes for that region and they are changing. AWS provides an API that returns the networks.
Is there a "native" way to script those things or hook into pfSense another way? Adding all those routes by hand via the web UI is no real option.
-
Wouldn't it be easier to just put all the IPs of AWS East in an alias and policy route it through the OpenVPN?
-
^ Exactly! Take all the networks for wherever your ISP is having issues and just policy route those out this VPN connection you have.
If the IPs/networks are available via a URL, you can just have the URL table update every X days as well.
-
pfBlocker might be able to do that for you if the API is simple enough. It can use AS numbers for example.
-
Wouldn't it be easier to just put all the IPs of AWS East in an alias and policy route it through the OpenVPN?
Yeah, it seems so.
I had to look up policy routing, but this works nicely.
I will write a lil script which formats the AWS API response in a way pfSense will understand, and then I should be done. Thanks!
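
The formatting step described in the last post, as an added example that is not any poster's own script: it turns a document in the layout of AWS's ip-ranges.json into the one-CIDR-per-line text a pfSense URL table alias reads. The region tuple, the prefix-length floor and the sample data are assumptions; because the firewall will route whatever ends up in the list, the script validates every prefix and refuses to emit an empty file.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's ip-ranges.json (documentation
# address ranges, not real AWS prefixes).
SAMPLE = json.dumps({
    "syncToken": "0",
    "createDate": "1970-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "AMAZON"},
        {"ip_prefix": "0.0.0.0/0", "region": "us-east-1", "service": "AMAZON"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1000::/40", "region": "us-east-1", "service": "AMAZON"},
    ],
})

# Assumption: prefixes broader than this are dropped rather than routed.
MIN_PREFIXLEN = {4: 8, 6: 16}


def build_alias(doc, regions=("us-east-1",)):
    """Return URL-table text: one collapsed CIDR per line for the given regions."""
    data = json.loads(doc)
    nets = {4: set(), 6: set()}
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in data.get(key, []):
            if entry.get("region") not in regions:
                continue
            # strict=True raises ValueError on host bits or malformed input
            net = ipaddress.ip_network(entry[field], strict=True)
            if net.prefixlen < MIN_PREFIXLEN[net.version]:
                continue  # would pull far too much traffic into the VPN
            nets[net.version].add(net)
    lines = []
    for version in (4, 6):
        # collapse_addresses merges duplicates and adjacent networks
        lines += [str(n) for n in ipaddress.collapse_addresses(nets[version])]
    if not lines:
        raise ValueError("no prefixes matched; keep the previous alias file")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_alias(SAMPLE), end="")
```

Publish the output somewhere the firewall can fetch it and point a URL table alias at it, as suggested earlier in the thread.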