PFsense: How to bypass a vpn connection for a single ip

This time I want to show you something that I think many people have needed once in a while.

I am using a VPN provider, and I am sure a lot of you do as well. It's a pretty neat service: you connect to them, and they route all your traffic through their VPN.

But what if you wanted a certain IP, maybe a server like a mail server, not to be routed through that VPN but rather to connect to other mail servers directly?

This becomes especially problematic since some VPN services actually block SMTP TCP ports, and some mail servers block connections from VPN services.

I have found a lot of tutorials on the web about different ways to do this, from using a relay server to adding multiple IPs and routes. These are good tips, but I wanted something simple.

I am running pfSense as my main firewall and gateway to the internet, and I have a static IP setup, basically what many small businesses have too. In pfSense it's just a matter of adding two additional rules of sorts.

Things you need to have for this to work:

  • a static IP; this is important, as the times when dynamic IPs were able to send email out are long gone.
  • a VPN connection configured in your pfSense as an OpenVPN client.
  • a machine/container you want to exclude from your VPN bubble, for whatever reason…
  • pfSense in a current version (I just haven't tested older versions; I always run current stable everywhere, which eases the task of administering things)

So, let's begin:

Under Firewall -> Rules -> LAN, edit the rule that forwards all your data through the VPN, so that it looks like this:

[Screenshot: PFsense customize the VPN rule]

Second, add a new rule under Firewall -> Rules -> LAN, where you let that server IP pass through the standard gateway explicitly. This rule should look like this:

[Screenshot: Adding the passthrough rule to pfsense for the server]

Finally, click Save, then Apply, and that's it.

You can now test your server's external IP with a tool like lynx, or telnet to your favorite mail server and see if it lets you in ;-)
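The same check can be scripted and run on the excluded server. This is an added example, not part of the original post: it compares the address reported by an IP-echo page with your static IP and reads the SMTP greeting on port 25. The script name, the `IP_ECHO_URL` argument (any what-is-my-IP page you trust) and the sample addresses are assumptions.

```python
#!/usr/bin/env python3
"""Run on the excluded server: does it leave via the static IP and reach SMTP?"""
import ipaddress
import re
import socket
import sys
import urllib.request


def egress_verdict(echo_body: str, static_ip: str) -> str:
    """Compare the address an IP-echo page reports with the expected static WAN IP."""
    expected = ipaddress.ip_address(static_ip)
    for token in re.findall(r"[0-9A-Fa-f:.]{3,}", echo_body):
        try:
            seen = ipaddress.ip_address(token.strip("."))
        except ValueError:
            continue  # not an address (stray hex-like word, version string, ...)
        return "direct" if seen == expected else f"not-direct ({seen})"
    return "unknown (no address in response)"


def read_greeting(sock: socket.socket) -> tuple:
    """Read the whole SMTP greeting; multi-line replies use '220-' until a final '220 '."""
    buf = b""
    while True:
        chunk = sock.recv(1024)
        if not chunk:
            raise ConnectionError("closed before a complete greeting")
        buf += chunk
        lines = buf.split(b"\r\n")[:-1]  # complete lines only
        if lines and re.match(rb"\d{3}( |$)", lines[-1]):
            text = lines[-1].decode("ascii", "replace")
            return int(text[:3]), text[4:]


def main(static_ip: str, echo_url: str, mx_host: str) -> int:
    with urllib.request.urlopen(echo_url, timeout=10) as resp:
        verdict = egress_verdict(resp.read().decode("utf-8", "replace"), static_ip)
    print("egress:", verdict)
    # A timeout here usually means port 25 is still being filtered on the path.
    with socket.create_connection((mx_host, 25), timeout=10) as s:
        code, text = read_greeting(s)
        s.sendall(b"QUIT\r\n")
    print(f"smtp: {code} {text}")
    return 0 if verdict == "direct" and code == 220 else 1


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: check_bypass.py STATIC_IP IP_ECHO_URL MX_HOST")
    sys.exit(main(*sys.argv[1:]))
```

Run it from cron after pfSense upgrades or rule changes; a non-zero exit code means the server is leaving through the VPN again or cannot get a 220 greeting.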

I hope this short tutorial was once again helpful to some of you, my readers, and I'm looking forward to your input: what small tricks do you have that make your life easy with pfSense? Hope to hear from you.