Topic: Way to allow specific URL to bypass VPN? (Read 1965 times)
Irishfluter (Newbie, Posts: 10, Karma: 0)
« on: April 05, 2023, 01:22:03 am »
I don't know if what I want to do is possible -- having set up NordVPN using OpenVPN, is there a way that a specific set of URLs can bypass the VPN?
I know you can set specific device(s) to not use the VPN, but what I want is to be able to define URLs that will not route through the VPN for all connected devices.
Any thoughts / help greatly appreciated!
bartjsmit (Hero Member, Posts: 2018, Karma: 194)
« Reply #1 on: April 05, 2023, 10:59:57 am »
If you can't route on IP address, I'd say you need a proxy. For http URLs that would be Squid.
andrewoliv (Newbie, Posts: 23, Karma: 1)
« Reply #2 on: April 07, 2023, 02:22:02 am »
I do not think OPNsense has this capability. However, I have discovered Vilfo recently. I was going to set up OPNsense as a VPN router but instead I installed Vilfo. Vilfo is a full-featured VPN router. WWW.Vilfo.com
There is a Firefox extension that works in conjunction with your Vilfo appliance (I installed it on a Protectli appliance). This extension allows you to choose by URL what goes through a VPN and what does not.
It was the main reason I moved away from OPNsense for this effort.
I still have an OPNsense firewall.
meyergru (Hero Member, IT Aficionado, Posts: 1700, Karma: 167)
« Reply #3 on: April 07, 2023, 02:45:17 pm »
Routing and URLs are different concepts. If you set up your default route going through a VPN, everything goes through that VPN. In order to have some URLs go through a different route, you need to:
1. Set up a default route through the VPN and a more specific route to be used for the specific URLs. That in itself is very difficult and most likely would be a host-specific route that only links to an upstream HTTP proxy from which the traffic fans out (this you need to have, too).
2. Have something in place that can inspect URLs and decide which route to use. You could use Squid for that, however, with most web traffic being encrypted these days, you must inspect HTTPS traffic in the first place, so your setup needs to do HTTPS termination, which breaks with certificate pinning (https://help.zscaler.com/zia/certificate-pinning-and-ssl-inspection). You also need to inject your SSL termination CA into your browsers. So that is quite difficult as well.
You might be better off using some native VPN client if that supports differentiation via URLs. If you aim to have this for an appliance like AppleTV or FireTV stick, where you cannot install such a client, you are out of luck.
If your URL list is short and, depending on what you try to achieve, you only need a few IPs or networks as exceptions, you could get away with specific routes overriding the VPN default route.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005, 1100 down / 440 up, Bufferbloat A+
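The closing suggestion in reply #3 (a few host routes overriding the VPN default route), modelled as an added example that is not code from any poster in this thread. It shows that the routing table only ever sees the resolved IP address, so the exception covers every path on the host and every other site sharing that address. Hostnames, addresses, DNS answers and the gateway labels `WAN_GW` / `VPN_GW` are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: reserved documentation names and addresses.
BYPASS_URLS = ["https://bank.example/login", "http://video.example:8080/watch"]
DNS = {  # hostname -> A records (constructed resolver answers)
    "bank.example": ["192.0.2.10"],
    "video.example": ["198.51.100.7", "198.51.100.8"],
    "other.example": ["198.51.100.7"],  # unrelated site sharing a CDN address
    "news.example": ["203.0.113.5"],
}
WAN_GW, VPN_GW = "WAN_GW", "VPN_GW"  # hypothetical gateway labels


def build_routes(urls, dns):
    """VPN default route plus one /32 host route via WAN per resolved address."""
    routes = {ipaddress.ip_network("0.0.0.0/0"): VPN_GW}
    for url in urls:
        host = urlsplit(url).hostname  # scheme, port and path are discarded
        for addr in dns.get(host, []):
            routes[ipaddress.ip_network(f"{addr}/32")] = WAN_GW
    return routes


def lookup(routes, dst):
    """Longest-prefix match, as the kernel routing table does."""
    ip = ipaddress.ip_address(dst)
    best = max((net for net in routes if ip in net), key=lambda n: n.prefixlen)
    return routes[best]


def egress(url, routes, dns):
    """Gateway used for each address a URL's hostname resolves to."""
    return {a: lookup(routes, a) for a in dns[urlsplit(url).hostname]}


def collateral_bypass(urls, routes, dns):
    """Hostnames not on the bypass list that still leave outside the VPN."""
    wanted = {urlsplit(u).hostname for u in urls}
    return sorted(h for h, addrs in dns.items()
                  if h not in wanted and any(lookup(routes, a) == WAN_GW for a in addrs))


if __name__ == "__main__":
    table = build_routes(BYPASS_URLS, DNS)
    for u in BYPASS_URLS + ["https://news.example/", "https://other.example/"]:
        print(u, egress(u, table, DNS))
    print("collateral:", collateral_bypass(BYPASS_URLS, table, DNS))
```

The host routes are only as current as the DNS answers they were built from, so a changed record silently sends the traffic back through the VPN until the routes are rebuilt.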