Bypass NordVPN on certain IPs

[Timonator]

Hi all,

I was succesfull setting up NordVPN on all my network devices, but I am having issues with services like Netflix/Disney+. My Nvidia shield has a fixed IP address, which I want to bypass the VPN

Firewall rules that are currently working:
LAN net to destination LAN address , to allow all internal traffic (standard)
LAN net to gateway NORDVPN -> to move all LAN traffic through the VPN

To fix this, I tried using aliases but this does not seem to work for me.
alias_VPN_pass to gateway NORDVPN -> to move all LAN traffic except the shield through VPN
alias_VPN_bypass to gateway WAN_GW -> to move only shield traffic outside of VPN

VPN_Pass is set to host with ip !10.10.1.43
VPN_bypass is set to host with ip 10.10.1.43

But this does not seem allow traffic at all. Can someone point me in the right direction to resolve this?

[Patrick M. Hausen]

LAN net to gateway NORDVPN -> to move all LAN traffic through the VPN

I assume you mean

LAN net to any - gateway NORDVPN -> to move all LAN traffic through the VPN

If yes, then create a host alias in Firewall > Aliases containing all the IP addresses that are to be exempt from that gateway setting and change the rule to

LAN net to ! exceptions - gateway NORDVPN -> to move all LAN traffic through the VPN

The "!" means to tick the "destination invert" box.

After that rule add an "LAN net to any, allow" rule without an explicit gateway setting.

[Timonator]

Ok so if I think I set it up as you suggest, with the VPN_Exceptions containing my IP.

I was checking my public IP on the shield, but it was still showing the same as the VPN one. How does the last rule know it needs to take the regular PPPoE GW instead of the VPN?

[Patrick M. Hausen]

WAN_GW is your default gateway, right? That's why it should be picked, IMHO. But you might want to try and set it explicitly.