On 4/29/2013 5:45 PM, Dave Warren wrote:
> On 2013-04-29 07:21, Drew Lehman wrote:
>> I have a business connection from my ISP and run servers. I also
>> like to seed various rescue disks and certain Linux distributions on
>> BitTorrent. The problem is, despite having a commercial account, my
>> ISP throttles anything with P2P, and takes the rest of my connection
>> with it. So, in order to keep that from happening, I got a VPN
>> connection through a third party. This works great, but my traffic
>> is either VPN or not.
>>
>> The VPN provider works with OpenVPN and I want to know how to create
>> a conditional route that routes all BitTorrent over the OpenVPN, but
>> leaves connections such as my gaming and email through my normal WAN
>> connection.
>
> The trick here will be figuring out exactly what is and is not
> BitTorrent traffic, but the routing itself is actually fairly
> straightforward.
>
> What you need to do is build a virtual interface for OpenVPN; once
> that's done, you can create a rule immediately above your LAN's
> "Default allow" rule to allow traffic and assign a specific gateway
> for specific traffic.
>
> I do this on my LAN for port 25, since my ISP blocks port 25 and I
> need direct access to port 25 on remote servers for diagnostic reasons.
>
> Check out an article like
> http://forum.pfsense.org/index.php?topic=29944.0 (in this case, look
> for "---Section 2---") which covers setting up an interface and
> creating routing rules -- This article may be a bit out of date, and
> of course it's aimed at setting up a specific VPN, but if you
> understand the concepts rather than following it letter for letter, it
> should be doable.
>
> As far as narrowing down your BitTorrent traffic, your best bet might
> be to simply run BitTorrent on a specific local IP (or dedicated
> machine) and route all traffic from that machine out via your VPN.
> This may still be somewhat problematic as BitTorrent really does need
> an inbound port opened as well, but that's between you and your VPN
> provider. An external seedbox might be a better approach, along with
> the VPN to handle other traffic.

The inbound is not really much of an issue since the VPN provider allows
it and simply forwards it back through the VPN. I am assuming they use
PNP or something similar since it "just works" when I open a VPN to them
now.
I guess the question is, can I direct a protocol through a route?
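
The rule ordering described in the thread (a gateway-assigning rule placed above the LAN "Default allow" rule), written out in plain pf syntax. This is an added illustration, not part of the original messages and not pfSense's generated ruleset; the interface names, addresses and VPN gateway are assumed placeholders.

```pf
# Constructed values: interface names, addresses and the VPN gateway are placeholders.
lan_if  = "em1"            # LAN interface (assumed name)
vpn_if  = "ovpnc1"         # OpenVPN client interface (assumed name)
vpn_gw  = "10.8.0.1"       # gateway address on the VPN side (assumed)
bt_host = "192.168.1.50"   # LAN host dedicated to BitTorrent (assumed)

# "quick" makes the first matching rule final, so the policy-routing rules
# must sit above the default allow rule.

# Source-based: everything from the BitTorrent host leaves via the VPN.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet from $bt_host to any keep state

# Port-based: outbound TCP port 25 from any LAN host leaves via the VPN.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet proto tcp from $lan_if:network to any port 25 keep state

# Default allow: everything else follows the normal routing table (WAN).
pass in quick on $lan_if inet from $lan_if:network to any keep state
```

Rules of this kind match on addresses and ports, not on an application protocol, which is why the thread suggests pinning BitTorrent to one local IP.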