We often end up having to turn on a VPN just to access one website that has geo-restrictions or some other block. This is even more infuriating when the device that needs to access that specific site (like a television) cannot run proper VPN software. This is where PBR (policy-based routing) comes in very handy. It's also used for making SBCs work by routing specific traffic over specific interfaces.
In the first case, imagine I have a TV with the MAC address 01:7c:44:4e:c7:46, and let's assume I want to route all its traffic through a VPN (to bypass geo-restrictions in this case). I would make a rule similar to this:
Network Settings - Routes - Policy Based Routes
This is nothing more than a name for a particular rule.
You can choose between All, TCP, UDP and ICMP here. We've chosen All here as we want to route all traffic of the TV through a specific interface.
Here you can give a newline-separated list of IP addresses that should use this specific route. This is actually pretty hard to get right, as dual-stack connections are very common and most end-user devices prefer IPv6 to legacy IPv4. Still, for things like phones and SBCs you can specify an address in CIDR format here.
Now this is the cool option: you can specify a MAC instead of an IP, and it will collectively route traffic from all the IPs that are attached to that specific MAC address.
Sometimes you just need the route to work for a collection of well-known and non-changing IPs. In that case you can specify a newline-separated list of IP addresses in CIDR format and you should be good to go.
This is where you can give any domain that you'd like. We resolve the domains periodically (basically every 3 minutes or so) and update the firewall/network rules underneath, so you don't have to worry about it. So if you give "google.com", all traffic to that website from the given sources will be redirected through a different interface.
You can pick pretty much any interface in the system, mostly VPN interfaces or Custom Interfaces (in case of SIP Trunks) are used here.
Sometimes the gateway that is assigned to an interface acts flaky. In that case you can force a gateway onto the route, which makes sure that this specific route always uses that specific gateway no matter what happens.
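
To show what a MAC-based rule like the TV one can translate to underneath, here is an added example (not this product's own code) that prints the equivalent commands for a generic Linux router. It assumes iptables/ip6tables and iproute2; the `pbr_plan` helper, the interface name `tun0`, the table/mark number `100` and the gateway `10.8.0.1` are hypothetical. It also adds an `unreachable` fallback route so the device's traffic is dropped rather than sent out the normal uplink if the VPN interface goes away.

```shell
#!/bin/sh
# Added example: prints (does not execute) the commands for one MAC-based
# policy route on a generic Linux router. Names and numbers are placeholders.

# pbr_plan MAC IFACE TABLE [GATEWAY]   (TABLE is also used as the firewall mark)
pbr_plan() {
    mac=$1; iface=$2; table=$3; gw=${4:-}

    # Accept only six colon-separated hex octets.
    if ! printf '%s\n' "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
        echo "invalid MAC: $mac" >&2; return 1
    fi
    # Interface names and table numbers end up in commands, so keep them strict.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    case $table in
        ''|*[!0-9]*) echo "invalid table: $table" >&2; return 1 ;;
    esac

    # Optional forced gateway (IPv4 only in this sketch).
    via=""
    if [ -n "$gw" ]; then via="via $gw "; fi

    cat <<EOF
iptables -t mangle -A PREROUTING -m mac --mac-source $mac -j MARK --set-mark $table
ip6tables -t mangle -A PREROUTING -m mac --mac-source $mac -j MARK --set-mark $table
ip rule add fwmark $table table $table
ip -6 rule add fwmark $table table $table
ip route add default ${via}dev $iface table $table
ip -6 route add default dev $iface table $table
ip route add unreachable default metric 65535 table $table
ip -6 route add unreachable default metric 65535 table $table
EOF
}

# The TV from the text, routed via a hypothetical VPN interface.
pbr_plan 01:7c:44:4e:c7:46 tun0 100
```

Marking on the source MAC in both `iptables` and `ip6tables` is what makes the rule cover every IPv4 and IPv6 address the device uses, which is why the MAC option avoids the dual-stack problem of the source IP list.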