Route some ip addresses outside VPN
Hello, I’m a new member of this forum, but I have used it a lot before I became a member.
I have a router with pfSense but would like to change it in favor of OpenBSD pf. My setup looks like this: ISP **** ROUTER **** AP. I run one OpenVPN client on the router so that all machines on the wifi AP go through the VPN. Now comes the problem: I would want some of the clients' IP addresses to be routed through WAN (without VPN). I have tried different routing alternatives but I haven’t found anything that works. Everything else seems to work, even the "killswitch". Here is my pf.conf; any suggestions on optimizations would also be appreciated. Thanks in advance!! Code:
```
ext_if = "em0" # External interface
int_if = "em1" # Internal interface
vpn_if = "tun0" # Vpn interface

table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
                   172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
                   192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 \
                   203.0.113.0/24 }

set block-policy drop
set loginterface $ext_if
set skip on lo0

match in all scrub (no-df random-id max-mss 1440)
match out on $ext_if inet from ($int_if:network) to any nat-to ($ext_if:0)
match out on $vpn_if inet from ($int_if:network) to any nat-to ($vpn_if:0)

block in quick on $ext_if from <martians> to any
block return out quick on $ext_if from any to <martians>
block all

pass in on $int_if from $int_if:network to any tag NO_WAN_EGRESS keep state
block quick on $ext_if tagged NO_WAN_EGRESS
#block return out quick on $ext_if tagged NO_WAN_EGRESS
pass out quick inet
#pass in on $int_if inet
```

Last edited by ocicat; 12th August 2017 at 07:43 PM. Reason: Please use [code] & [/code] tags when posting file contents.
Tags: vpn; pf; client; routing; openbsd
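
One way to exempt selected clients from the VPN while keeping the tag-based kill switch for everyone else, as an added example that is not part of the original post. The `<novpn>` table name, the client addresses and the `ext_gw` next hop are assumptions to be replaced with real values; the remaining rules are the ones posted above.

```conf
# Added example (not the poster's config). Macros as in the posted pf.conf.
ext_if = "em0"
int_if = "em1"
vpn_if = "tun0"
ext_gw = "203.0.113.1"   # placeholder: the ISP next hop reachable on em0

# Constructed sample addresses of the clients that should bypass the VPN.
table <novpn> { 192.168.1.50 192.168.1.51 }

# ... options, scrub, nat-to and martian rules unchanged from the post ...
block all

# Bypass rule. It has to be "quick" and sit before the tagging rule:
# tags are sticky, so a packet that matched the NO_WAN_EGRESS rule first
# would keep the tag and still be dropped on em0 by the kill switch.
# "! $int_if:network" keeps traffic to the router itself (DNS, ssh) local.
# route-to overrides the routing table, so these flows leave via em0 even
# while the VPN client has installed its own default routes. The existing
# "match out on $ext_if ... nat-to ($ext_if:0)" rule translates them.
pass in quick on $int_if inet from <novpn> to ! $int_if:network \
    route-to ($ext_if $ext_gw) keep state
# OpenBSD 6.9 and later take only the gateway address:
#   ... route-to $ext_gw keep state

# Everything else from the LAN is tagged and may only leave through tun0.
pass in on $int_if from $int_if:network to any tag NO_WAN_EGRESS keep state
block quick on $ext_if tagged NO_WAN_EGRESS
pass out quick inet
```

`pfctl -nf /etc/pf.conf` parses the file without loading it. Clients outside `<novpn>` should still lose connectivity when `tun0` goes down, which confirms the kill switch survived the change.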