General Discussion / Re: Route one IP over VPN?
« on: June 17, 2020, 10:29:54 pm »
I made an account to see if this helps anybody.
Set the first rule up normally. Basically this is the rule that you would already normally have in any VPN setup guide but you're simply adding that PIA_NO_WAN_EGRESS tagging to it. All traffic coming from whatever source you picked should now properly be tagged with that rule.
Now the important difference that I found, in floating rules do:
Block
Check apply action immediately on match
Interface WAN
Direction Out
Address family IPv4
Protocol Any
Source Any
Destination Any
Description (whatever you want) or VPN Killswitch
Tagged (or match tag whatever) PIA_NO_WAN_EGRESS so that this will kill all traffic that is tagged from what you did in rule 1 that is destined for your normal WAN
Gateway WAN_DHCP (or whatever your normal, non-VPN gateway is) - this is also important
So if you think about it, your normal WAN should not see any of this VPN traffic until your VPN goes down, because normally it's technically going out from a "different WAN" (the VPN gateway); then it tries to route out the default gateway once the VPN gateway goes down. This stops all that traffic.
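
The behaviour described in the post above, as a small Python model. This is an added example, not part of the original post and not firewall code. The host addresses and function names are constructed. The fallback to the default route when the VPN gateway is down follows the post's description, and the floating rule's Gateway setting is not modelled.

```python
# Simplified model of the two rules: tag on LAN ingress, block tagged traffic on WAN egress.
from dataclasses import dataclass
from typing import Optional

TAG = "PIA_NO_WAN_EGRESS"      # tag name used in the post
VPN_HOSTS = {"192.0.2.50"}     # constructed: sources selected by rule 1


@dataclass
class Packet:
    src: str
    tag: Optional[str] = None
    out_if: Optional[str] = None


def lan_in(pkt: Packet, vpn_up: bool) -> Packet:
    """Rule 1: pass on LAN, set the tag, policy-route to the VPN gateway."""
    if pkt.src in VPN_HOSTS:
        pkt.tag = TAG
        # Assumption from the post: with the VPN gateway down, the
        # packet follows the default route and heads for the normal WAN.
        pkt.out_if = "VPN" if vpn_up else "WAN"
    else:
        pkt.out_if = "WAN"
    return pkt


def floating_out(pkt: Packet, killswitch: bool) -> str:
    """Floating rule: block, immediate match, interface WAN, direction out, tagged."""
    if killswitch and pkt.out_if == "WAN" and pkt.tag == TAG:
        return "block"
    return "pass"


def egress(src: str, vpn_up: bool, killswitch: bool = True):
    """Return (egress interface, verdict) for one packet from src."""
    pkt = lan_in(Packet(src), vpn_up)
    return (pkt.out_if, floating_out(pkt, killswitch))


if __name__ == "__main__":
    for vpn_up in (True, False):
        for ks in (False, True):
            for src in ("192.0.2.50", "192.0.2.60"):
                print(f"vpn_up={vpn_up} killswitch={ks} src={src} -> {egress(src, vpn_up, ks)}")
```

The case to look at is `vpn_up=False` with `killswitch=False`: the tagged host's packet passes on WAN, which is the leak the floating rule closes.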