Send specific traffic outside the VPN?



  • Guys,

    I have two interfaces, WAN and VPN – the VPN is a virtual interface that connects to PIA's commercial VPN service.  All of my traffic routes through that interface.

    Problem is, my bank no longer accepts connections from the IP addresses PIA owns.  In fact, I can't connect to my bank at all from home now.

    So my question is, how can I send specific traffic -- specifically traffic going to a particular website -- through the WAN interface instead of the VPN?

    Thanks.



    1. Make an alias with the names (FQDNs) of the sites you want to access through the WAN.
    2. Add a firewall rule at the top of LAN rules to match source LANnet destination "alias", and in the advanced section choose the WAN gateway.


  • Had no idea it was so simple, thank you!!!!

    Question…. right now I have put "billing.bank.com" and "online.bank.com" and "secure.bank.com" etc in the alias list.  Can I simply put "bank.com" or "*.bank.com" in order to get all of the different servers to work, or should each be listed separately?



  • You will need to list each separately. pfSense "filterdns" does a DNS resolve of each actual name you put in the list and adds the resolved IP addresses to the table used by "pf". There is no way to have "mybank.com" and have it find all the names inside "mybank.com".
    It can be a bit of trial-and-error to find the names of all the places that a web-app uses - as you already mention you have found 3 typical names, and the app might go off to other names to retrieve the bank logo or other bits of the UI. You will find that out as you use it  :)
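
Added example, not part of the original posts: one way to shorten the trial-and-error described above is to export a HAR capture from the browser's developer tools while using the site and list the hostnames that are not yet in the alias. The HAR content, the alias entries and the function names below are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a trimmed HAR export (browser dev tools, Network tab).
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://online.bank.com/login"}},
    {"request": {"url": "https://secure.bank.com/api/session"}},
    {"request": {"url": "https://static.bank.com/img/logo.png"}},
    {"request": {"url": "https://cdn.example.net/lib/app.js"}},
    {"request": {"url": "https://ONLINE.bank.com:443/accounts"}},
    {"request": {"url": "data:image/png;base64,AAAA"}},
]}})

def hosts_in_har(har_text):
    """Return the set of lowercase hostnames requested in a HAR capture."""
    hosts = set()
    for entry in json.loads(har_text)["log"]["entries"]:
        parts = urlsplit(entry["request"]["url"])
        # Skip data:, blob: and similar URLs that never reach the firewall.
        if parts.scheme in ("http", "https") and parts.hostname:
            hosts.add(parts.hostname.lower())
    return hosts

def alias_gaps(har_text, alias_entries, site_domain):
    """Split hostnames missing from the alias into (first_party, third_party).

    The alias is matched name by name, as in the thread: an entry for
    "bank.com" does not cover "online.bank.com".
    """
    alias = {h.lower() for h in alias_entries}
    missing = hosts_in_har(har_text) - alias
    domain = site_domain.lower()
    first = sorted(h for h in missing
                   if h == domain or h.endswith("." + domain))
    third = sorted(missing - set(first))
    return first, third

if __name__ == "__main__":
    current_alias = ["billing.bank.com", "online.bank.com", "secure.bank.com"]
    first, third = alias_gaps(SAMPLE_HAR, current_alias, "bank.com")
    print("add to alias:", first)
    print("review before adding (shared hosts):", third)
```

The rule matches on the resolved IP addresses, so adding a shared host such as a CDN sends traffic to those addresses out the WAN for every site that uses them, not only the bank.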



  • Fair enough.  This actually solves many problems, as many online forums are blocking me (PIA is my VPN service provider, and all their IPs are getting blocked all over the place).

    Had no idea the solution was so easy, really, thanks again.  This is a huge help.

