Topic: Trying to force certain hosts to use VPN when visiting certain URL (Read 2886 times)

djronh1 (Newbie, Posts: 8, Karma: 0)
« on: March 21, 2021, 11:14:59 pm »
Hi All,
I've successfully set up my OPNsense with Mullvad VPN per this wiki article:
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
If I force all traffic not destined for local LAN it works great.
Now I'm trying to configure such that only a subset of hosts on my LAN will use VPN when visiting a given list of URLs.
I used aliases for both, list of hosts that should use VPN, as well as list of URLs.
I already posted the question in this thread
https://forum.opnsense.org/index.php?topic=21205.msg104373#msg104373
But could not find a solution, so it was recommended I repost here instead.
« Last Edit: March 21, 2021, 11:19:01 pm by djronh1 »

Greelan (Hero Member, Posts: 1028, Karma: 72)
« Reply #1 on: March 22, 2021, 02:12:02 am »
Maybe you need to include the destination URL Alias in the destination address field in the outbound NAT rule?

djronh1 (Newbie, Posts: 8, Karma: 0)
« Reply #2 on: March 23, 2021, 12:24:01 am »
I added VPN_Required URLs list alias to outbound NAT rule, and still having same issue.

Greelan (Hero Member, Posts: 1028, Karma: 72)
« Reply #3 on: March 23, 2021, 01:15:05 am »
Lemme do my own experimenting over the weekend and I will see whether I have any more luck

Greelan (Hero Member, Posts: 1028, Karma: 72)
« Reply #4 on: March 27, 2021, 07:40:13 am »
So I did some experimenting, and specifying a destination URL through an Alias in the firewall rule worked fine for me. I can see in the live logs only that traffic going down the WG tunnel, and I can also see my VPN provider's IP on the website (I used www.whatsmyip.org in my test, and compared what I saw there when browsing to what I saw with ipinfo.io).
One thing I did notice when setting this up is that DNS resolution on OPNsense was broken when I had specified in the WG Local configuration the DNS server IPs given to me by my VPN provider. Those IPs are local IPs (ie 10.0.0.x) and it appeared that OPNsense tried to use those for resolution - which was interesting, and not what I had intended. So I changed the WG Local configuration so the DNS Server field was blank, and the issue was solved. Maybe you are affected by this issue, ie the Alias you have created is not actually resolving the URLs?
On the subject of DNS, note some additional discussion in the original tutorial thread, where it has been discovered that, depending on the user's network DNS server setup, DNS leaks can occur.
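
One way to check the point raised in the reply above, that the alias may not actually be resolving, as an added example that is not part of the original posts: compare what the alias hostnames resolve to against the contents of the alias's pf table (the listing printed by `pfctl -t <alias> -T show`). The alias name `VPN_Required`, the hostnames and all addresses below are constructed assumptions.

```python
import ipaddress
import socket

# Constructed sample data (documentation address ranges, not real sites).
ALIAS_HOSTS = ["site-a.example", "site-b.example", "site-c.example"]
# Shape of `pfctl -t VPN_Required -T show` output: one address per line.
TABLE_DUMP = """
   192.0.2.10
   198.51.100.0/28
"""
CLIENT_DNS = {  # what a LAN client's resolver currently answers (constructed)
    "site-a.example": {"192.0.2.10"},
    "site-b.example": {"198.51.100.7", "203.0.113.99"},
}

def system_resolve(host):
    """Resolve with the local resolver; an empty set means resolution failed."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()

def parse_table(dump):
    """Turn a pf table listing into a list of ip_network objects."""
    return [ipaddress.ip_network(line.strip(), strict=False)
            for line in dump.splitlines() if line.strip()]

def check_alias(hosts, table_dump, resolver=system_resolve):
    """Map each alias hostname to 'ok', 'unresolved', or the IPs the table lacks."""
    nets = parse_table(table_dump)
    if not nets:
        # The symptom from the post: the alias never resolved on the firewall.
        return {host: "table empty" for host in hosts}
    report = {}
    for host in hosts:
        ips = resolver(host)
        if not ips:
            report[host] = "unresolved"
            continue
        missing = sorted(ip for ip in ips
                         if not any(ipaddress.ip_address(ip) in n for n in nets))
        report[host] = "missing: " + ", ".join(missing) if missing else "ok"
    return report

if __name__ == "__main__":
    lookup = lambda h: CLIENT_DNS.get(h, set())
    for host, status in check_alias(ALIAS_HOSTS, TABLE_DUMP, lookup).items():
        print(f"{host:16} {status}")
```

A `missing` entry means a client can reach that hostname at an address the policy rule and outbound NAT rule will not match, so that connection leaves via the default gateway instead of the tunnel.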

Learning (Newbie, Posts: 15, Karma: 0)
« Reply #5 on: August 20, 2021, 04:01:42 pm »
Quote from: djronh1 on March 23, 2021, 12:24:01 am
I added VPN_Required URLs list alias to outbound NAT rule, and still having same issue.
Resurrecting an old thread to say THIS was the key to having URLs bypass the VPN for me.
I had created an alias list of URLs, and placed it in the Firewall Rules section, but had not generated a NAT Outbound rule.
Having searched the forum and found this post, it is now working for me (on simple URLs at least).
Thanks for the tip