Prevent certain host from going through the VPN network
Hello,
I have Viscosity running on a Mac mini which serves as my gateway/firewall.
All my local clients are routed through the mac mini so all traffic to the internet goes through the VPN connection.
So far so good.
Now I want to exclude one of my clients from the VPN connection. I tried several ways with pf firewall rules without success.
I know that I can tell Viscosity that certain destinations shall be excluded from the VPN connection. But this is not what I'm looking for.
Maybe I can route traffic from a specific host around the VPN with the help of pf or an entry in the routing table?
Cheers
bip
Hi bip,
What you're trying to do should be possible using pf, but I'm afraid it's beyond the scope we can offer support for. Hopefully someone in the community will be able to offer you some advice. It's certainly possible using iptables on Linux, as I've personally mucked around with similar setups in the past, so it should be something that is possible using pf.
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
For anyone who might be interested in the solution: The magic keyword is "route-to":
# Route some IPs directly to the fritzbox instead of NATing them through the VPN tunnel
pass in on $internal_if route-to ($fb_if $fb) from {$pc1, $bipad} to any
pass out on $fb_if from {$pc1, $bipad} to any
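Every source named in a `route-to` rule like the one above leaves the gateway outside the VPN tunnel, so it is worth being able to list those hosts from a ruleset. The following audit helper is an added example, not part of the original post; the macro values in the sample are constructed placeholders, and the parser only handles the `pass in ... route-to (if gw) from ...` rule shape shown in the post.

```python
import re

# Constructed pf.conf excerpt: macro values are placeholders; the two pass
# rules are the ones quoted in the post above.
SAMPLE_PF_CONF = '''
internal_if = "en1"
fb_if = "en0"
fb = "192.168.178.1"
pc1 = "10.0.1.20"
bipad = "10.0.1.21"
pass in on $internal_if route-to ($fb_if $fb) from {$pc1, $bipad} to any
pass out on $fb_if from {$pc1, $bipad} to any
'''

MACRO_RE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"]*?)"?\s*$')
ROUTE_RE = re.compile(
    r'^\s*pass\s+in\b.*?\bon\s+(\S+)\s+route-to\s+\(\s*(\S+)\s+(\S+)\s*\)'
    r'\s+from\s+(\{[^}]*\}|\S+)')


def expand(text, macros):
    """Replace $name with its macro value; unknown macros are left as-is."""
    return re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), m.group(0)), text)


def find_vpn_bypasses(conf):
    """Return one dict per route-to rule: which sources leave via which gateway."""
    macros, found = {}, []
    for raw in conf.splitlines():
        line = raw.split('#', 1)[0]  # drop trailing comments
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = expand(m.group(2), macros)
            continue
        r = ROUTE_RE.match(expand(line, macros))
        if r:
            in_if, out_if, gw, src = r.groups()
            hosts = [h for h in re.split(r'[\s,{}]+', src) if h]
            found.append({'in_if': in_if, 'out_if': out_if,
                          'gateway': gw, 'sources': hosts})
    return found


if __name__ == '__main__':
    for rule in find_vpn_bypasses(SAMPLE_PF_CONF):
        print(f"{', '.join(rule['sources'])} -> {rule['gateway']} via {rule['out_if']}")
```

Run against the sample, it reports the two hosts from the rule as leaving via the Fritz!Box interface rather than the tunnel.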