Specify that only traffic on specific ports goes through the VPN



  • Is it possible to have only specific ports routed through a VPN and the rest routed through the normal gateway? I currently have everything running through a VPN and really only want specific traffic running through it, since it seems to be messing with the speed, and with specific sites, for all the other traffic on the network.

    Thank you



  • You can control this on a router. So depending on whether your VPN client or server is a router, you can specify which traffic goes through the VPN from this side.



  • @viragomann:

    You can control this on a router. So depending on whether your VPN client or server is a router, you can specify which traffic goes through the VPN from this side.

    The VPN is set up in pfSense. I tried setting up firewall LAN rules for all traffic from 192.168.1.221 port 26688 to go to PIAVPN_VPNV4 and did an ipleak torrent test, but it still seems to route through the normal gateway and not the VPN.



  • Here are my LAN rules, btw.

    ![Lan Rules.PNG](/public/imported_attachments/1/Lan Rules.PNG)



  • Put your torrents rule at the top, or below the Anti-Lockout rule, for it to take effect.



  • Still getting the same results with the IP leak test. Is it possible that, since all other traffic is routed through my normal gateway in pfSense, that is how it is getting the IP, or is this in fact not actually going through the VPN?

    Thank you



  • I think the IP leak test checks only traffic to port 443. You won't be able to specify the source port of this traffic.
    To test your VPN, route the whole traffic over it.

    A policy-based rule should work the way you have done it: https://doc.pfsense.org/index.php/What_is_policy_routing
    To check if it works, you can use the packet capture tool from the Diagnostics menu. Switch to the appropriate interface and look where the packets leave.

    Just a further thing to be considered: if your VPN traffic is translated by an (automatically generated) Outbound NAT rule, you will have to add an additional rule for the torrent port to avoid translating the port. You will see the rule in Firewall > NAT > Outbound.
    Look here: https://doc.pfsense.org/index.php/Static_Port



  • @viragomann:

    I think the IP leak test checks only traffic to port 443. You won't be able to specify the source port of this traffic.
    To test your VPN, route the whole traffic over it.

    A policy-based rule should work the way you have done it: https://doc.pfsense.org/index.php/What_is_policy_routing
    To check if it works, you can use the packet capture tool from the Diagnostics menu. Switch to the appropriate interface and look where the packets leave.

    Just a further thing to be considered: if your VPN traffic is translated by an (automatically generated) Outbound NAT rule, you will have to add an additional rule for the torrent port to avoid translating the port. You will see the rule in Firewall > NAT > Outbound.
    Look here: https://doc.pfsense.org/index.php/Static_Port

    With the packet capture, I assume I should only be seeing traffic from the source IP to the VPN IP, correct? If so, then it doesn't seem to be working. I created an outbound NAT rule that mimicked my firewall rule and it still doesn't seem to be working. Should this rule be under WAN/LAN or PIAVPN? I currently have it under the LAN tab.

    Thank you



  • You should see the packets on the LAN interface with source IP = 192.168.1.221 and on the VPN interface with source IP = <your VPN server>, because the source IP has to be translated by pfSense, since your LAN host's IP is unknown at the other side of the connection.
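    As an added example (not from this thread or from pfSense): a small script that reads tcpdump-style lines of the kind the Diagnostics packet capture shows for the LAN and VPN interfaces and checks whether the flows from the selected host/port appear on the VPN side with the source address translated, and whether the source port survived the translation (the static port point made earlier). All addresses and capture lines are constructed sample data; 10.8.0.6 is an assumed VPN interface address.

```python
"""Check a pfSense-style packet capture for policy-routed, NAT-translated flows."""
import re

# tcpdump-style lines of the kind the Diagnostics > Packet Capture page shows.
# All addresses and lines below are constructed sample data.
LAN_CAPTURE = """\
12:00:01.000001 IP 192.168.1.221.26688 > 203.0.113.10.51413: Flags [S], seq 1, win 65535, length 0
12:00:01.000002 IP 192.168.1.221.26688 > 198.51.100.7.6881: Flags [S], seq 2, win 65535, length 0
12:00:01.000003 IP 192.168.1.50.44112 > 93.184.216.34.443: Flags [S], seq 3, win 65535, length 0
"""
# With a static-port outbound NAT rule: source becomes the VPN address, port is kept.
VPN_CAPTURE_STATIC = """\
12:00:01.000101 IP 10.8.0.6.26688 > 203.0.113.10.51413: Flags [S], seq 1, win 65535, length 0
12:00:01.000102 IP 10.8.0.6.26688 > 198.51.100.7.6881: Flags [S], seq 2, win 65535, length 0
"""
# Without it: the automatic outbound NAT rule also rewrites the source port.
VPN_CAPTURE_RANDOM = """\
12:00:01.000101 IP 10.8.0.6.51234 > 203.0.113.10.51413: Flags [S], seq 1, win 65535, length 0
12:00:01.000102 IP 10.8.0.6.58741 > 198.51.100.7.6881: Flags [S], seq 2, win 65535, length 0
"""

FLOW_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")


def parse_flows(capture):
    """Return (src, sport, dst, dport) tuples for every IPv4 packet line."""
    return [(m.group(1), int(m.group(2)), m.group(3), int(m.group(4)))
            for m in (FLOW_RE.search(line) for line in capture.splitlines()) if m]


def check_policy_route(lan_capture, vpn_capture, host, port, vpn_addr):
    """Compare the LAN and VPN captures for the host/port the rule selects.

    Flows are matched across interfaces by (dst, dport), because the source
    address (and, without static port, the source port) is rewritten by NAT.
    """
    selected = {(dst, dport) for src, sport, dst, dport in parse_flows(lan_capture)
                if src == host and sport == port}
    on_vpn = {(dst, dport): sport for src, sport, dst, dport in parse_flows(vpn_capture)
              if src == vpn_addr and (dst, dport) in selected}
    return {
        "selected": len(selected),                       # flows the rule should catch
        "routed_via_vpn": len(on_vpn),                   # flows actually seen leaving the VPN
        "missing_on_vpn": sorted(selected - set(on_vpn)),  # flows that took another path
        "static_port_kept": bool(on_vpn) and all(sp == port for sp in on_vpn.values()),
    }


if __name__ == "__main__":
    for name, cap in (("static-port", VPN_CAPTURE_STATIC), ("random-port", VPN_CAPTURE_RANDOM)):
        print(name, check_policy_route(LAN_CAPTURE, cap, "192.168.1.221", 26688, "10.8.0.6"))
```

    An empty `missing_on_vpn` list with `static_port_kept` true is the outcome the policy route plus static-port NAT rule is meant to produce; a non-empty list means those flows left via the normal gateway.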



  • So I think it might be working... I did a packet capture on the LAN interface and I see traffic between the source IP and the destination IPs (not the VPN one though), and I did a packet capture on the VPN interface and I see traffic between the VPN and the destination IPs... which makes me think it is working, but maybe like I intend for it to be working...