OPNsense Forum

English Forums => General Discussion => Topic started by: OzziGoblin on July 31, 2025, 08:11:31 AM

Title: VPN for specific domains/urls after restrictions in UK and coming to Australia
Post by: OzziGoblin on July 31, 2025, 08:11:31 AM
Hi everyone

Is it possible to tunnel certain websites, YouTube etc., via VPN (using URLs or domains) and not out of the default route?

I'm thinking of adding a VPN to my installation so I can attempt to route all traffic where I'll require an account to access them in Australia, to Singapore or New Zealand. I know it can be done if IP addresses are used, but is it possible with URLs or domains? I'd still like to route other traffic through the default route though.

thanks
Title: Re: VPN for specific domains/urls after restrictions in UK and coming to Australia
Post by: viragomann on July 31, 2025, 06:22:02 PM
You can achieve this with Policy based routing (https://docs.opnsense.org/manual/firewall.html#policy-based-routing).

You need to assign an interface to the VPN instance to get a gateway, which is needed for routing. This is possible with OpenVPN, WireGuard and IPsec VTI.

Create an Alias (https://docs.opnsense.org/manual/aliases.html#aliases) and add the desired destination IPs or domains to it. Then state this alias as destination in the firewall pass rule and select the VPN gateway.
Title: Re: VPN for specific domains/urls after restrictions in UK and coming to Australia
Post by: Jyling on July 31, 2025, 07:42:39 PM
A scorpion pit is the best solution.
Title: Re: VPN for specific domains/urls after restrictions in UK and coming to Australia
Post by: OPNenthu on July 31, 2025, 08:09:07 PM
How do you prevent leaks when routing this way? Just thinking: what if the destination site uses CDNs or makes connections to other domains outside of the one you requested? Are those also automatically routed through the tunnel?

The one I'm considering is https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html and I'm curious as to the pros/cons of each approach. This one routes all traffic by host.
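
An added example, not part of any post in this thread: a small model of the alias-based rule discussed above, showing which connections of one page load match the rule and which fall through to the default route. It assumes a host alias is a set of IP addresses resolved by the firewall, and that the pass rule matches on destination IP only; all hostnames, addresses and the gateway labels `VPN_GW` / `WAN_DEFAULT` are constructed for illustration.

```python
import ipaddress

# Constructed sample data: hypothetical hostnames, documentation address ranges.
ALIAS_HOSTS = ["video.example"]

# What the firewall's resolver returned when the alias was last refreshed.
FIREWALL_DNS = {"video.example": ["203.0.113.10", "203.0.113.11"]}

# Connections a client makes while loading the site: (hostname, IP the client got).
PAGE_LOAD = [
    ("video.example", "203.0.113.10"),             # address is in the alias
    ("video.example", "203.0.113.50"),             # client received a rotated address
    ("cdn.video-static.example", "198.51.100.7"),  # CDN hostname not listed in the alias
    ("accounts.example", "192.0.2.20"),            # login hostname not listed in the alias
]


def build_alias(hosts, dns):
    """Resolve alias hostnames to the IP set the packet filter matches on."""
    return {ipaddress.ip_address(ip) for h in hosts for ip in dns.get(h, [])}


def classify(connections, alias_ips):
    """Return (hostname, ip, gateway) per connection; the rule sees only the IP."""
    result = []
    for host, ip in connections:
        matched = ipaddress.ip_address(ip) in alias_ips
        result.append((host, ip, "VPN_GW" if matched else "WAN_DEFAULT"))
    return result


def leaks(connections, alias_ips):
    """Connections that leave via the default route instead of the tunnel."""
    return [(h, ip) for h, ip, gw in classify(connections, alias_ips)
            if gw == "WAN_DEFAULT"]


if __name__ == "__main__":
    alias = build_alias(ALIAS_HOSTS, FIREWALL_DNS)
    for host, ip, gw in classify(PAGE_LOAD, alias):
        print(f"{host:28} {ip:15} -> {gw}")
```

In this model, only destinations whose current IP is in the alias take the VPN gateway; related hostnames and addresses the firewall has not resolved go out the default route unless they are added to the alias or all traffic from the host is routed through the tunnel.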