Netgate Discussion Forum
    Policy Based Routing not working.

TravisH

      I am trying a slightly unusual setup, I have a VPN (Cloudflare WARP) and basically what I want to do is to identify traffic that is going to one of cloudflare’s IP4 addresses, and if so then route that traffic through the gateway for the Cloudflare WARP VPN.

I have set up the VPN, and it works if I change the default gateway, but then all traffic goes through it. I set up an alias for the range of local IPs as well as an alias for Cloudflare IPs (Cloudflare maintain a txt list URL).

I created a firewall rule, which basically says if traffic is coming in to an interface, is IPv4, is TCP/UDP and its destination is the Cloudflare alias, then use the VPN gateway, but it never works.

      I have tried in and out directions, with and without local IP but I can’t seem to get it to route through Cloudflare.

      I tried clearing state tables as well, no luck. Am I missing something in my config which would explain this?

      Many thanks!

[Attached screenshots: IMG_6356.png, IMG_6355.jpeg, IMG_6354.png, IMG_6353.png, IMG_6352.jpeg]

viragomann @TravisH

        @TravisH
Change the alias type to "URL (IPs)". It's not a URL table.

TravisH @viragomann

@viragomann that didn't seem to make any difference. Out of interest, how is the link not a URL table (IPs)? They change over time, so as I understand it, using URL (IPs) won't work since it's designed for a one-off (?), but also it's designed for a smaller list of IPs, not the CIDR ranges?

TravisH @TravisH

@TravisH not sure if this helps, but it seems like the destination criterion is not triggering the rule. I changed it to a temp list which had some IP addresses in it, but that didn't make any difference to getting traffic to go down the VPN.

viragomann @TravisH

              @TravisH
Hover over the alias to display its content, or check it in Diagnostics > Tables, and verify that the IPs or subnets are loaded correctly into the alias.

TravisH @viragomann

@viragomann the table looked fine in the diagnostics. I also picked an IP within one of the ranges to check, just to see, and still nothing.

viragomann @TravisH

                  @TravisH
                  The rule is not applied, however. So either it doesn't match or more probably another rule has precedence. Possibly a rule on the interface tab.

If you want to give priority to a floating rule over interface rules, you have to check the Quick option.

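The two things the thread turns on are (a) whether the destination really is inside the alias table, and (b) rule precedence: pf evaluates rules in order, a matching rule marked "quick" ends evaluation at once, and otherwise the last matching rule wins, with pfSense placing floating rules ahead of interface tab rules (which are quick by default). The following is an added simulation written for this page, not code from the thread or from pfSense. It uses a constructed three-network alias body in place of the real Cloudflare list, and the simplified rule model (no direction, protocol or source matching) and the rule names are assumptions; it reproduces the symptom described above and what the Quick option changes.

```python
"""Added example (not from the thread or pfSense): load a URL-table style
alias and simulate pf rule precedence for a policy-routing floating rule."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed stand-in for the alias body fetched from a URL.
# These are documentation ranges, not real Cloudflare networks.
CLOUDFLARE_ALIAS_TEXT = """\
# constructed sample list
203.0.113.0/24
198.51.100.0/25
192.0.2.64/26
"""


def parse_alias(text: str) -> List[ipaddress.IPv4Network]:
    """Parse an alias body into networks: one host or CIDR per line,
    blank lines and '#' comments ignored, bare hosts treated as /32."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def in_alias(ip: str, nets) -> bool:
    """The check Diagnostics > Tables answers: is this address inside the table?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


@dataclass
class Rule:
    name: str
    scope: str                      # "floating" or an interface name such as "LAN"
    quick: bool
    dst: Optional[list] = None      # None means destination "any"
    gateway: str = "default"

    def matches(self, iface: str, dst_ip: str) -> bool:
        if self.scope != "floating" and self.scope != iface:
            return False
        if self.dst is not None and not in_alias(dst_ip, self.dst):
            return False
        return True


def evaluate(rules, iface: str, dst_ip: str) -> Optional[Rule]:
    """pf semantics: rules are checked in order; a matching 'quick' rule stops
    evaluation immediately, otherwise the LAST matching rule wins.
    pfSense orders floating rules before interface tab rules."""
    ordered = [r for r in rules if r.scope == "floating"] + \
              [r for r in rules if r.scope != "floating"]
    last = None
    for r in ordered:
        if r.matches(iface, dst_ip):
            last = r
            if r.quick:
                break
    return last


def route_for(dst_ip: str, floating_quick: bool) -> str:
    """Name of the gateway a LAN packet to dst_ip ends up on (hypothetical rule set)."""
    cf = parse_alias(CLOUDFLARE_ALIAS_TEXT)
    rules = [
        # Interface tab rules in pfSense are quick by default.
        Rule("LAN default allow", "LAN", quick=True),
        Rule("Policy route to WARP", "floating", quick=floating_quick,
             dst=cf, gateway="WARP_VPN"),
    ]
    hit = evaluate(rules, "LAN", dst_ip)
    return hit.gateway if hit else "blocked"


if __name__ == "__main__":
    print("floating rule without Quick:", route_for("203.0.113.10", False))  # default
    print("floating rule with Quick:   ", route_for("203.0.113.10", True))   # WARP_VPN
    print("non-alias destination:      ", route_for("8.8.8.8", True))        # default
```

Without Quick the floating rule does match, but the quick LAN allow rule matches afterwards and carries its own (default) gateway, which is exactly the "rule is not applied" outcome in the thread; enabling Quick on the floating rule makes it win for alias destinations while leaving other traffic on the default gateway.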
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.