SodaStream

Routing netflix devices outside the airvpn tunnel

Hi, sorry to bother you guys but I need some beginner help configuring my pfsense to route my selected netflix capable devices' traffic outside the airvpn tunnel.

Can someone take me step by step through the configuration?

/firewall_nat_out.php page, choose the source, NAT address should be your WAN gateway.

You can choose either single IP addresses or entire CIDR notations, for a single IP use /32.

 

need to create a corresponding firewall rule in LAN section to allow outbound too, right?

/firewall_nat_out.php page, choose the source, NAT address should be your WAN gateway.

You can choose either single IP addresses or entire CIDR notations, for a single IP use /32.

is this correct?

/firewall_nat_out.php page, choose the source, NAT address should be your WAN gateway.

You can choose either single IP addresses or entire CIDR notations, for a single IP use /32.

is this correct?

 

good idea to make an alias.  looks correct to me.

The traffic from my netflix devices is still not being routed outside the VPN tunnel. Can someone help me out instead of responding with a vague half way answer please?

The traffic from my netflix devices is still not being routed outside the VPN tunnel. Can someone help me out instead of responding with a vague half way answer please?


I finally got this working for Netflix.  Big caveat up front, I'm not a network expert, so there might be a better/safer way to accomplish this.  Here's what I did...

 

1. Followed this guide to get everything running through the VPN first (https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/).  I assume this is where you started as well.  If not, my solution may not work for you.

 

2. Created an alias for all devices I want to bypass the VPN (vpn_bypass)

 

3. Added another NAT outbound rule at /firewall_nat_out.php (which is what it looks like you did above).  This should be at the top of the list.

 

* Do not NAT => not checked

* Interface => WAN

* Protocol => any

* Source => Network, vpn_bypass/32

* Destination => Any

* Address => interface address

* Port => [blank]

* No XMLRPC Sync => not checked

* Description => "LAN to WAN bypassing VPN"

 

4. Added a new NAT rule to forward DNS traffic from vpn_bypass to a public DNS (Google in my example).  This will allow traffic bypassing the VPN to access a DNS directly.  Without it, your device will have access to the WAN directly, but won't be able to resolve the URL netflix.com, which is what I think was causing you problems.  You can add this at /firewall_nat.php

* No RDR (NOT) => not checked

* Interface => AIRVPN_LAN

* Protocol => TCP/UDP

show advanced

* Source => single host or alias, vpn_bypass

* Source port range => any to any

* Destination => CHECK invert match, AIRVPN_LAN address

* Destination port range => DNS to DNS

* Redirect target IP => 8.8.8.8

* Redirect target port => DNS

* Description => "DNS for VPN bypass using Google"

 

Make sure it also creates an associated filter rule.  You may need to reorder the rules on this page as well.  I put this near the top, so traffic wasn't directed through the VPN accidentally.

 

5. Add another firewall rule that allows the vpn_bypass group to create connections directly with the WAN.  This is basically a clone of "AirVPN_LAN allow outbound" with a few tweaks.  This should be put ABOVE the "AirVPN_LAN allow outbound" rule when we're done.

* Action => pass

* Interface => AIRVPN_LAN

* Address family => IPv4

* Protocol => TCP/UDP

* Source => Single host, vpn_bypass

* Source port range => 1024 to 65535

* Destination => any

* Destination port range => wan_service_ports to wan_service_ports

* Description => AirVPN_LAN allow outbound for VPN bypass

SHOW ADVANCED

* Gateway => WAN

 

 

Hopefully this helps.  Now, if I could get port forwarding to work correctly for Plex, life would be better

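The ordering requirement in step 5 of the post above, as an added example that is not part of the original thread: a small Python model of top-down, first-match rule evaluation on the AIRVPN_LAN tab. The alias members, the contents of wan_service_ports and the "VPN" gateway label on the existing rule are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample values: the thread gives no addresses or port lists.
VPN_BYPASS = frozenset({"192.168.1.50", "192.168.1.51"})  # assumed alias members
WAN_SERVICE_PORTS = frozenset({80, 443})                  # assumed alias contents

@dataclass(frozen=True)
class Rule:
    name: str
    gateway: str                         # where matching traffic is policy-routed
    sources: Optional[frozenset] = None  # None means "any"
    protos: Optional[frozenset] = None
    dst_ports: Optional[frozenset] = None
    min_src_port: int = 0

BYPASS = Rule("AirVPN_LAN allow outbound for VPN bypass", "WAN",
              VPN_BYPASS, frozenset({"tcp", "udp"}), WAN_SERVICE_PORTS, 1024)
# Assumption: the existing rule from the setup guide routes via the VPN gateway.
DEFAULT = Rule("AirVPN_LAN allow outbound", "VPN")

GOOD_ORDER = [BYPASS, DEFAULT]   # bypass rule ABOVE the general rule (step 5)
BAD_ORDER = [DEFAULT, BYPASS]    # bypass rule left at the bottom

def matches(rule, src, proto, sport, dport):
    return ((rule.sources is None or src in rule.sources)
            and (rule.protos is None or proto in rule.protos)
            and (rule.dst_ports is None or dport in rule.dst_ports)
            and sport >= rule.min_src_port)

def egress(ruleset, src, proto, sport, dport):
    """Interface rules are evaluated top-down and the first match wins."""
    for rule in ruleset:
        if matches(rule, src, proto, sport, dport):
            return rule.gateway
    return "blocked"  # nothing matched: default deny

if __name__ == "__main__":
    flows = [("192.168.1.50", "tcp", 50000, 443),   # bypass device, HTTPS
             ("192.168.1.50", "tcp", 50000, 8080),  # port not in wan_service_ports
             ("192.168.1.50", "icmp", 0, 0),        # not TCP/UDP
             ("192.168.1.99", "tcp", 50000, 443)]   # device not in the alias
    for flow in flows:
        print(flow, "good:", egress(GOOD_ORDER, *flow), "bad:", egress(BAD_ORDER, *flow))
```

With the bypass rule below the general rule, every flow from a bypass device still leaves through the VPN. With it above, only TCP/UDP to wan_service_ports uses WAN, and everything else from those devices falls through to the VPN rule.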
