For those who followed my previous post on how to configure a VPN client on pfSense, one cool application for it is to route only specific websites through the VPN while the rest of the traffic goes through your ISP gateway, as usual. That is interesting when you want to use an IP from another country to read local news, or maybe to browse with privacy on one of the obscure websites out there. Yeah, I know you do!
The idea behind this post is to create a firewall alias on your pfSense and then modify your LAN firewall rules to switch to a different gateway (the VPN gateway) when the destination websites are detected. Here we go!
For this post, I will assume your VPN interface is OPT1, but you can use a different name.
Navigate to Firewall >> Aliases >> IP and click on Add and do as follows:
- Name: WEBSITES_BEHIND_VPN_USA
- Description: List of URLs that must be routed through US VPN for privacy
- Type: Host(s)
- IP or FQDN: google.com (Here you add the website you want to hide behind the VPN)
If you want to add more URLs (hosts), click on Add Host and add the IP/FQDN.
When you are done, click on Save and Apply changes. Now we need to update your firewall rules to use this list of websites to decide which gateway your traffic goes through.
Go to Firewall >> Rules >> LAN and look carefully at the existing rules. At the bottom there will be a PASS ALL rule, which allows traffic to go from LAN, on any port/protocol, to any destination IP/port. The trick is to add our new rule right before the pass all rule. That is because pfSense evaluates rules from top to bottom and the first match wins, and the pass all rule sends the traffic through the WAN gateway, so the rule that sends our traffic to OPT1 (or however you named your VPN gateway interface) must come before it.
Next, click on Add to create a new firewall rule:
- Edit Firewall rule
- Action: Pass
- Address Family: IPv4 (I am not using IPv6 on my homelab yet)
- Protocol: Any
- Select “Single host or alias”
- Type “WEBSITES_BEHIND_VPN_USA” as destination address
- Extra options
- Log: unchecked
- Description: Force WEBSITES_BEHIND_VPN_USA to go through OPT1 to reach Internet
- Advanced options
- Leave everything as is
- Gateway: Select OPT1
Press Save and Apply changes. After a couple of seconds, your traffic for all websites listed in WEBSITES_BEHIND_VPN_USA will be routed through your VPN tunnel.
One trick that I use to test is adding “myip.com” to WEBSITES_BEHIND_VPN_USA, then visiting it and checking that the IP listed is not my ISP’s but the one from my VPN provider.
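A complementary check to the myip.com test, as an added example that is not part of the original post: it compares the IPv4 addresses a LAN client resolves for each alias hostname with the addresses currently in the firewall's alias table, because a resolved address that is missing from the table only matches the pass all rule and leaves through the ISP. It assumes the alias is exposed as a pf table of the same name and that its contents were saved from `pfctl -t WEBSITES_BEHIND_VPN_USA -T show`; the function names, hostnames and addresses below are constructed for illustration.

```python
import ipaddress
import socket
import sys

def parse_pf_table(dump):
    """Parse saved `pfctl -t NAME -T show` output: one address or CIDR per line."""
    return [ipaddress.ip_network(line.strip(), strict=False)
            for line in dump.splitlines() if line.strip()]

def resolve_ipv4(hostname):
    """IPv4 addresses this client receives for hostname right now."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def uncovered(table_dump, resolved):
    """Return {hostname: [ips]} for resolved addresses absent from the alias table."""
    nets = parse_pf_table(table_dump)
    leaks = {}
    for host, ips in resolved.items():
        missing = [ip for ip in ips
                   if not any(ipaddress.ip_address(ip) in net for net in nets)]
        if missing:
            leaks[host] = missing
    return leaks

# Constructed sample data (documentation address ranges, not real sites).
SAMPLE_TABLE = """
   203.0.113.10
   203.0.113.11
   198.51.100.0/28
"""
SAMPLE_RESOLVED = {
    "news.example": ["203.0.113.10", "203.0.113.11"],
    "cdn.example": ["198.51.100.5", "192.0.2.77"],  # second IP is not in the table
}

if __name__ == "__main__":
    # Usage: script.py table_dump.txt host [host ...]; no arguments runs the sample.
    if len(sys.argv) > 2:
        with open(sys.argv[1]) as fh:
            dump = fh.read()
        resolved = {h: resolve_ipv4(h) for h in sys.argv[2:]}
    else:
        dump, resolved = SAMPLE_TABLE, SAMPLE_RESOLVED
    for host, ips in uncovered(dump, resolved).items():
        print(f"{host}: {', '.join(ips)} not in alias table, would use the WAN gateway")
```

An empty result means every address the client resolved is covered by the table at that moment; hostnames that resolve to many rotating addresses are the ones most likely to show up here.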
That is it, and safe browsing!