PF redirect http traffic between interfaces

Hi,
I have a VPN interface on my machine, out of which everything passes, and an additional interface (wifi).
I would like to make an exception: pass a specific ruleset (e.g. access to the domain "www.potato.com" on port 443) directly via the wifi interface, without the VPN.

I tried using route-to (pass out on vpn_interface route to wifi_interface proto tcp to potato.com port 443), but it did not work.
 
This has nothing to do with the firewall. See route(8).

A firewall is not a router; stop treating it like that.
 
It can technically be done, but such things should be used as a last resort only, because firewall hacks like route-to and reply-to tend not to set the correct MTU and create various side effects.
Just add a static route to rc.conf or create one in your VPN's if-up script.
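The static-route approach recommended above, as an added example that is not part of the thread or anyone's posted configuration. It assumes FreeBSD-style route(8) and rc.conf syntax; the wifi gateway 192.168.1.1 and the destination addresses are constructed sample values. The script only prints the commands (a dry run), so it can be checked before being run as root.

```shell
#!/bin/sh
# Added example, not from the thread: generate static host routes so that
# traffic for one destination leaves via the wifi gateway while the VPN keeps
# the default route. route(8) syntax is FreeBSD-style (assumption); the gateway
# and the addresses used below are constructed sample values.

# build_host_routes GATEWAY ADDR... prints one "route add -host" command per
# IPv4 address. A static route needs an address, not a name, and a domain may
# resolve to several addresses, so resolve the name first (e.g.
# "host -t A www.potato.com") and pass every address you get. Malformed
# entries are reported on stderr and skipped rather than aborting the run.
build_host_routes() {
    gw="$1"
    shift
    for addr in "$@"; do
        case "$addr" in
            *[!0-9.]*|"")
                echo "skip: not an IPv4 literal: '$addr'" >&2
                continue ;;
            *.*.*.*) ;;
            *)
                echo "skip: not a dotted quad: '$addr'" >&2
                continue ;;
        esac
        printf 'route add -host %s %s\n' "$addr" "$gw"
    done
}

# Persisting the same routes in FreeBSD rc.conf (assumed syntax):
#   static_routes="potato0 potato1"
#   route_potato0="-host 203.0.113.10 192.168.1.1"
#   route_potato1="-host 203.0.113.11 192.168.1.1"
# Alternatively, put the build_host_routes output in the VPN client's if-up
# script so the host routes are re-added every time the tunnel comes up.

# Dry run: print the commands. Pipe the output into sh (as root) to apply them.
build_host_routes 192.168.1.1 203.0.113.10 203.0.113.11
```

Two things worth keeping in mind: a host route only covers the addresses you resolved at the time, so a domain with changing DNS answers needs the list refreshed; and if you do go the route-to way instead, pf expects a next-hop gateway address for route-to, not a bare interface name as in the rule posted above, and a packet matched by "pass out on vpn_interface" has already been given the VPN's source address, which is where the side effects the reply mentions begin.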
 
I suck at pf.
What kind of VPN do you have?
IKEv2? L2TP + IPsec?
How is the IPsec policy looking? (setkey -DP)
Do you see any traffic when you tcpdump on ipsec0?
 