PBR route all over WG apart from incoming 443 https traffic

Hi guys

I've got a policy-based routing split WG VPN setup as described below. I've decided to host http(s) over ports 80 and 443 using Let's Encrypt on a device with IP 192.168.1.150 and have forwarded these ports in the firewall. Without the VPN enabled it works and I can access the sites using my mobile phone when using mobile data rather than the Wi-Fi.

I would like all 192.168.1.150's traffic except this incoming traffic routed over the WG. In other words: how do I exclude the forwarded ports from the WG rules?

I've tried adding !80 !443 to the second policy but this doesn't seem to work. What policy would you recommend? Or would the problem perhaps not be with the policy?

The WG interface is part of the same zone as the WAN interface.

config policy
	option name 'local-ignore'
	option interface 'ignore'
	option dest_addr '192.168.0.0/16 172.16.0.0/12 10.0.0.0/8'

config policy
	option name 'lan-wgclient'
	option interface 'wgclient'
	option src_addr '192.168.1.128/25'

config policy
	option name 'wgserver-wgclient'
	option src_addr '172.16.1.128/25'
	option interface 'wgclient'

config policy
	option name 'dns-wgclient'
	# DNS server IP to prevent DNS leak
	option dest_addr 'x.x.x.x'
	option chain 'OUTPUT'
	option interface 'wgclient'

Thanks for your advice

Follow the example of the Plex Media Server in the README and use an ignore policy with the IP/port you want.
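As an added illustration (not code from the pbr README or from the reply author) of the ignore policy the reply points at, using the server IP 192.168.1.150 and ports 80/443 from the question: replies to inbound connections leave the server with those ports as their source, so the exemption matches on `src_addr` and `src_port`, and it is listed before the broader `lan-wgclient` policy because pbr evaluates policies in order. The `src_port` and `proto` option names are the pbr package's own; the policy name is my choice.

```uci
# Added example: keep only the web server's replies on 80/443 off the VPN,
# so everything else 192.168.1.150 sends still goes out over wgclient.
# Inbound HTTP(S) replies have the server as source, hence src_addr + src_port.
# Placed ahead of 'lan-wgclient' so it is matched first.
config policy
	option name 'webserver-ignore'
	option interface 'ignore'
	option src_addr '192.168.1.150'
	option src_port '80 443'
	option proto 'tcp'

# The existing policy from the question, unchanged, which routes the rest of
# the 192.168.1.128/25 range over the tunnel.
config policy
	option name 'lan-wgclient'
	option interface 'wgclient'
	option src_addr '192.168.1.128/25'
```

After saving, `/etc/init.d/pbr restart` and check `/etc/init.d/pbr status` to confirm the ignore policy is listed before `lan-wgclient`; testing from mobile data as in the question confirms the sites are reachable while the VPN is up.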

That was quick and of course it works!

I swear I tried that setting before and it didn't but perhaps it was my browser cache screwing me rather than the policy :roll_eyes:

Thanks
