So my use case with pfSense (Netgate SG-2100) got a bit complicated, at least for a noob like me. Currently I have a working OpenVPN client running on pfSense for all devices on my SOHO LAN by following this guide: https://mullvad.net/en/help/using-pfsense-mullvad/
I need to bypass the VPN for one device in my network, and for the rest of the connected devices I need to “unblock” streaming media services, or my wife will divorce me lol
What is the safest approach for this? Policy-based routing? VLANs?
I figured out several ways to do this, because my wife was going to divorce me too! (She was pregnant at the time and not taking shit. So I had to sit down and figure it out.)
If you have one particular device that only does streaming, like an Amazon Fire, Apple TV, Chromecast, etc., you can create a rule that matches its IP address and passes its traffic to WAN instead of the VPN. You’ll need to place this pass rule above the one that passes your LAN to the VPN.
If it’s streaming on a device used for multiple purposes, like a laptop or phone, it’s a little bit trickier. You’ll need to filter the traffic going to the streaming service. The way I’ve found useful is to use pfBlockerNG to create an alias list of the IP addresses used by the particular streaming service. I found lists for Netflix and Amazon servers, though I’m not sure if they’re complete lists; they appear to be working most of the time. Then I have a pass rule that passes the pfBlockerNG alias from LAN to WAN, like above. I suppose a regular alias without pfBlockerNG should work too. (I also use this method to access Bank of America since they block VPNs. I had to manually figure out what IPs they were using to create this list.)
Hi u/DIY_CHRIS
How did you do this? I use my Nvidia Shield for other things also, so I don't want everything to go via the VPN. I only want to route Netflix via WAN and not the VPN.
If it’s only one device, it’s rather easy. Assign a static IP to your Nvidia Shield. Then create a rule that passes that static IP to your WAN. Place that rule above the rule that passes your LAN to the VPN.
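Both of the answers above rely on the same property of pfSense: rules on an interface are evaluated top to bottom, the first matching pass rule wins, and that rule's gateway decides where the traffic exits. The Python below is an added example, not code from this thread, from pfSense or from pfBlockerNG; it models that first-match policy routing so the two cases (a single bypass device by static IP, and a streaming-service alias for everyone else) can be checked against the catch-all LAN-to-VPN rule, and it flags rules that are shadowed by an earlier, broader rule, which is exactly what happens when a bypass rule is placed below the LAN-to-VPN rule. The LAN subnet, the Shield's static IP, the alias contents and the gateway names are constructed for illustration.

```python
"""Model of pfSense first-match policy routing for a LAN-to-VPN setup.

Added example, not pfSense or pfBlockerNG code. All addresses, alias
contents and gateway names below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    gateway: str          # gateway the rule sends matching traffic to
    src: tuple = ()       # networks the source must be in; empty tuple = "any"
    dst: tuple = ()       # networks the destination must be in; empty tuple = "any"


def rule(name, gateway, src=(), dst=()):
    """Build a Rule from CIDR strings (IPv4 only in this example)."""
    net = lambda s: ipaddress.ip_network(s, strict=False)
    return Rule(name, gateway, tuple(net(s) for s in src), tuple(net(d) for d in dst))


# Constructed values. A real pfBlockerNG alias holds far more prefixes and,
# as noted in the thread, may still be incomplete.
LAN_NET = ["192.168.1.0/24"]
SHIELD_IP = ["192.168.1.50/32"]            # static IP of the single bypass device
NETFLIX_ALIAS = ["198.51.100.0/24"]        # stand-in for the streaming-service alias


def _matches(r, src_ip, dst_ip):
    src_ok = not r.src or any(src_ip in n for n in r.src)
    dst_ok = not r.dst or any(dst_ip in n for n in r.dst)
    return src_ok and dst_ok


def route(rules, src, dst):
    """Return (gateway, rule name) chosen by the first matching rule.

    pfSense would block traffic that matches no pass rule; that case is
    reported here as ('blocked', 'no matching rule').
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if _matches(r, src_ip, dst_ip):
            return r.gateway, r.name
    return "blocked", "no matching rule"


def _covered(inner, outer):
    """True if every network in `inner` lies inside some network in `outer`."""
    if not outer:       # "any" covers everything
        return True
    if not inner:       # a specific list does not cover "any"
        return False
    return all(any(i.subnet_of(o) for o in outer) for i in inner)


def shadowed(rules):
    """Names of rules that can never match because an earlier rule already
    catches every packet they would. A bypass rule below LAN-to-VPN shows up here."""
    names = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if _covered(later.src, earlier.src) and _covered(later.dst, earlier.dst):
                names.append(later.name)
                break
    return names


# Order the thread recommends: specific bypass rules first, catch-all last.
CORRECT_ORDER = [
    rule("Shield bypass to WAN", "WAN_GW", src=SHIELD_IP),
    rule("Netflix alias to WAN", "WAN_GW", src=LAN_NET, dst=NETFLIX_ALIAS),
    rule("LAN to VPN", "VPN_GW", src=LAN_NET),
]

# The mistake: catch-all first, so nothing below it ever matches.
WRONG_ORDER = [CORRECT_ORDER[2], CORRECT_ORDER[0], CORRECT_ORDER[1]]


if __name__ == "__main__":
    for order, label in ((CORRECT_ORDER, "correct"), (WRONG_ORDER, "wrong")):
        print(label, "shadowed:", shadowed(order))
        print("  Shield -> anywhere:", route(order, "192.168.1.50", "203.0.113.9"))
        print("  laptop -> Netflix alias:", route(order, "192.168.1.20", "198.51.100.7"))
        print("  laptop -> not in alias:", route(order, "192.168.1.20", "203.0.113.9"))
```

Two practical checks fall out of the model. First, a destination the alias does not cover falls through to the LAN-to-VPN rule, which is why an incomplete list "works most of the time" rather than always; the fix is to extend the alias, not to move rules. Second, the model assumes the selected gateway is up: in pfSense, when a rule's gateway is down the rule is by default re-applied without the gateway and traffic follows the default route, so a VPN outage sends the VPN-only devices out the WAN unless "Skip rules when gateway is down" is enabled under System > Advanced > Miscellaneous.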