4. Selective pfSense OpenVPN client usage i.e. for certain websites, how?

Selective pfSense OpenVPN client usage i.e. for certain websites, how?

  • T

    I want to set up pfSense to be used as a VPN client for a VPN provider such as NordVPN or similar. Presumably the steps in this forum provided for other VPN providers such as StrongVPN will help me to do that.

    However, I only want to route specific traffic via OpenVPN, e.g. all URLs associated with www.example1.com, www.example2.com etc to go through the OpenVPN client but for other traffic not to use the pfSense OpenVPN client. So this won't be specific to any LAN client but will apply to all LAN clients for all URLs of specific domains. Is there a way to do that? Please advise.

    Also, I know there is a web browser plugin from EFF but is there a way to make pfSense force websites to use https to the web browsers where https is supported by the website(s) in question?

    I would also like the pfSense box to provide NAT and SPI protection for the LAN clients.

    0
  • K

    Add the following to the Custom ACLS (Before Auth) under Advanced Features in Proxy Server: General Settings where _<vpn_interface_ip></vpn_interface_ip>_is the IP address of your OpenVPN client interface (eg 172.20.20.1):

    ##Send specific destinations via VPN
acl dst_to_vpn dstdomain .example1.com .example2.com
tcp_outgoing_address <vpn_interface_ip>dst_to_vpn</vpn_interface_ip>

    You can also use regular expressions as well. Eg if you wanted www.example.com, www.example.org, www.example.net, etc. to go via the VPN

    ##Send specific regex destinations via VPN
acl dst_to_vpn_regex dstdom_regex -i \.example\.
tcp_outgoing_address <vpn_interface_ip> dst_to_vpn_regex</vpn_interface_ip>

    Note that this only works with a static IP on your OpenVPN client interface.

    0
  • T

    @kesawi:

    Note that this only works with a static IP on your OpenVPN client interface.

    Many VPN providers e.g. NordVPN specify the dns name of the server e.g. br1.nordvpn.com rather than the actual IP address of the VPN server.
    For sure, I can get the IP address by doing an nslookup, which in the case of this NordVPN would give an IP address of 181.41.210.93 but there must be a reason that VPN providers specify the DNS name of the server?

    Could someone please clarify or advise how the name of the server can be used instead of the IP address in the above example?

    https://nordvpn.com/servers/

    0
  • LAYER 8 Netgate

    @tontoOz:

    Could someone please clarify or advise how the name of the server can be used instead of the IP address in the above example?

    Completely unrelated to this thread but Server host or address in the OpenVPN client config takes a hostname or IP address.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy