Netgate Discussion Forum

    Question on how to route some traffic over WAN and everything else over VPN

      Shadowalker

      I've decided to start using a VPN (AirVPN) for all of my home network traffic which works great, but unfortunately I find all of my pings over the VPN have roughly doubled.  For web traffic (and just about everything else) this doesn't really matter, but for some of my games pings can be very important.

      I was wondering if it is at all possible to route traffic that uses certain ports to bypass the VPN gateway and use the default WAN gateway.  Specifically, I wanted to route all of the traffic from World of Warcraft, which uses port 3724, over the WAN gateway.

      If there is a better / easier way to accomplish this, I'm all ears!  This is just what made sense to my admittedly poor networking abilities.

      Thanks!

        heper

        if you haven't done so already:
        -assign an interface to your vpn
        -check the route_no_pull checkbox in your vpn settings.

        pfsense should create a new gateway for the vpn_interface automagically

        now use policy routing in your LAN firewall rules to direct the desired traffic to either gateway (https://doc.pfsense.org/index.php/What_is_policy_routing)

          Shadowalker

          Ok, so I've got the VPN working and routing all traffic without a hitch.  That at least was the easy part.

          This is what I have at the moment, but it doesn't seem to work how I expect it to - which in this case I'm trying to force all https traffic from an internal IP to use the PIA gateway.  But whenever I go to a website it shows my normal IP and not my VPN IP.

          As usual, I have a feeling I'm missing some key idea or process - or something blindingly obvious.

            heper

            you moved the rule up so that it's above any other rule that might push it out your default gateway? have you reset states before trying?

              Derelict LAYER 8 Netgate

              Your source ports won't be 443. Look at the text there.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

                Shadowalker

                Awesome, thanks guys!

                Not sure if it was the state tables (holy hell, thanks for that - wish I'd known about it earlier) or trying to filter the wrong ports, but it works like a charm now!
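
An added example, not part of any post in this thread and not pfSense code: a toy first-match rule evaluator with a state table, showing why the three points raised in the replies (rule order, resetting states, and matching on source port 443) each leave HTTPS traffic on the default gateway. The host address, port numbers and the gateway labels "WAN" and "VPN" are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    gateway: str                  # label of the gateway this rule routes to
    src: Optional[str] = None     # None matches anything
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        pairs = ((self.src, p.src), (self.sport, p.sport), (self.dport, p.dport))
        return all(want is None or want == got for want, got in pairs)

class Router:
    # First matching rule wins; an established flow keeps its gateway.
    def __init__(self, rules):
        self.rules = list(rules)
        self.states = {}          # flow -> gateway chosen when the flow started

    def route(self, p: Packet) -> str:
        if p not in self.states:  # only new flows are evaluated against rules
            self.states[p] = next(r.gateway for r in self.rules if r.matches(p))
        return self.states[p]

    def reset_states(self) -> None:
        self.states.clear()

# Constructed sample data: one LAN client opening an HTTPS connection.
HOST = "192.168.1.50"
HTTPS = Packet(HOST, 51514, "203.0.113.10", 443)  # source port is ephemeral
DEFAULT = Rule("WAN")                              # catch-all, default gateway
BY_SPORT = Rule("VPN", src=HOST, sport=443)        # matches on source port
BY_DPORT = Rule("VPN", src=HOST, dport=443)        # matches on destination port

def demo() -> dict:
    out = {"source_port_rule": Router([BY_SPORT, DEFAULT]).route(HTTPS),
           "rule_below_catch_all": Router([DEFAULT, BY_DPORT]).route(HTTPS)}
    fw = Router([BY_SPORT, DEFAULT])
    fw.route(HTTPS)                     # flow starts under the broken rule set
    fw.rules = [BY_DPORT, DEFAULT]      # rule corrected, states untouched
    out["corrected_stale_state"] = fw.route(HTTPS)
    fw.reset_states()
    out["corrected_after_reset"] = fw.route(HTTPS)
    return out
```

Calling `demo()` returns the gateway chosen in each of the four situations; only the corrected rule evaluated after a state reset sends the flow to the VPN.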

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.