hermes_vpn

How to split traffic between AirVPN interface and WAN gateway using pfSense?


I recently made the switch to AirVPN and I'm happy with it. However, I followed this guide on how to configure AirVPN with pfSense:

https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/

It works great, but I can't seem to split any traffic.

Basically, I am trying to create an alias group that has things such as my security cameras, so that their traffic is routed straight through the WAN gateway and not through the AirVPN interface.

Also, on my old VPN I used to have a firewall rule that would direct my main PC over either the VPN or the WAN, depending on what I was doing. When I play CSGO or BF1, I would change the gateway to WAN to avoid bad ping; when I finished gaming, I changed it back to the VPN interface.

This worked. However, after using the linked guide above, even creating a firewall rule that tells pfSense to direct my PC's static IP to the WAN (and making sure that rule is above all others), it still sends traffic over the VPN interface.

The only guides I have found on AirVPN for traffic splitting are using the Windows client. Does anyone know where I can find a guide or any information on how to do this on pfSense after setting up my AirVPN connection as per the link above?

I've created aliases for all my groups and static IPs, but for some reason, the way the walkthrough has set up AirVPN, something seems to be overriding the rule to send these groups to WAN.

In a nutshell, my setup would be this:

All self-identifiable devices straight to WAN, such as cameras, smart devices etc.

All PCs, laptops, tablets, phones over VPN.

Option to either route traffic for main PC over VPN or WAN when gaming or normal use.

Thanks for any advice!


Yes, policy routing is what you need, where you have some traffic going out the tunnel and other traffic going out the default WAN interface. The way I have set this up is by first creating a host alias under Firewall, Aliases, IP tab, and then adding hosts one by one, which are going to be the websites you want to access out the default WAN and not the VPN tunnel. Then create a firewall rule that resembles this:

Action: Pass

Interface: (whatever interface it is)

Address Family: IPv4

Protocol: TCP/UDP

Source: (the interface chosen above plus the word net)

Destination: Single Host or Alias - Address: (type the name of the host alias group you created above listing the websites you want to access via default GW)

Destination Port Range: From: (up to you) To: (up to you)

Description: Policy routing through default WAN

Guest

Unable to login to my pfSense right now to confirm so doing this from memory. Pretty simple to do. Think the steps are...

 

1. Create a gateway that points to VPN.

2. Ensure NAT rules are configured appropriately.

3. Create a firewall rule to identify and route traffic.

 

Examples for step 3.

  • Wish to redirect HTTP traffic from PC to VPN.

Protocol: TCP

Source: IP of PC

Destination: All IP but select port to HTTP(80)

Gateway: VPN (Under advanced)

  • Wish to redirect all DNS for a range of devices to VPN. Where devices have been statically assigned IP by DHCP.

Protocol: UDP

Source: VLSM Network ID of devices. Let's say network ID is 192.168.1.0/24. DHCP statically allocates addresses 192.168.1.128 - 254 to devices you wish to target. So source would be 192.168.1.128/23

Destination: All IP but select port to DNS(53)

Gateway: VPN (under advanced)

 

Anyway should get the idea by now.

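As an added illustration (not part of any post above and not pfSense's own code), this Python script models first-match evaluation of LAN rules that each carry a gateway, and checks which addresses a source mask really covers before it goes into a rule. The addresses, the rule order and the gateway names WAN_GW and VPN_GW are constructed placeholders.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Smallest set of CIDR blocks covering exactly first..last (inclusive)."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]

def covered_range(cidr):
    """First and last address a source mask really matches (host bits ignored)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1])

# Constructed rule table for the LAN tab, top to bottom. Addresses and the
# gateway names WAN_GW / VPN_GW are placeholders, not values from the thread.
LAN_RULES = [
    ("192.168.1.10/32",  "WAN_GW", "main PC while gaming"),
    ("192.168.1.128/25", "WAN_GW", "cameras and smart devices"),
    ("192.168.1.0/24",   "VPN_GW", "everything else on LAN"),
]

def pick_gateway(src_ip, rules=LAN_RULES):
    """Return the gateway of the first rule whose source contains src_ip."""
    ip = ipaddress.ip_address(src_ip)
    for source, gateway, _descr in rules:
        if ip in ipaddress.ip_network(source):
            return gateway
    return None  # no pass rule matched

def leaks(rules, must_use_vpn):
    """Hosts that are supposed to use the VPN but match a WAN rule first."""
    return [h for h in must_use_vpn if pick_gateway(h, rules) != "VPN_GW"]

if __name__ == "__main__":
    print(range_to_cidrs("192.168.1.128", "192.168.1.255"))
    print(covered_range("192.168.1.128/23"))
    for host in ("192.168.1.10", "192.168.1.130", "192.168.1.50"):
        print(host, "->", pick_gateway(host))
    # A WAN rule with a mask that is too wide, placed first, pulls VPN-only
    # hosts out of the tunnel.
    too_wide = [("192.168.0.0/23", "WAN_GW", "mask too wide")] + LAN_RULES
    print("bypassing VPN:", leaks(too_wide, ["192.168.1.50", "192.168.1.51"]))
```

Running `leaks` against the planned rule order with the list of hosts that must stay on the VPN gives a quick check that no WAN rule matches them first.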
