I have a Raspberry Pi server running a variety of tasks and applications through various ports, one of which is a home automation service running through an Nginx proxy on the same machine to allow https connections externally but only http connections on the LAN. Up until now this has worked great, but recently I have decided to use a paid VPN service (using OpenVPN) to increase privacy. This works fine until I try to access my home automation server using SSL (which is required for services such as Amazon Alexa). As a result, I've been trying to bypass the VPN for SSL traffic on port 443 but force all other traffic through the tunnel using the following routes and ufw rules when the VPN connection is enabled:
# Policy routing: traffic sourced from the tunnel address, and traffic to the VPN gateway, uses table 10 (default via tun1)
ip route add default via $route_vpn_gateway dev tun1 table 10
ip rule add from $ifconfig_local/32 table 10
ip rule add to $route_vpn_gateway/32 table 10
ip route flush cache
# ufw rules; each "insert 1" places the rule at the top, so the effective order is the reverse of this listing
ufw insert 1 reject out on wlan0 from any
ufw insert 1 allow out on wlan0 from any port 443
ufw insert 1 allow in on tun1 to any
ufw insert 1 reject out on tun1 from any port 443
ufw insert 1 deny in on tun1 from any port 443
ufw insert 1 allow in on wlan0 to any port 443
I have tried to insert the more specific rules at the start of the rule list. This doesn't seem to work, though, and the SSL connections still fail to get through. Is there something I'm missing here? The VPN config is set up to prevent all traffic automatically being routed through the tunnel.
ip route or similar), not filtering (using iptables/ufw). You need to add a more specific route than the VPN to the target IP. You cannot route a single port.
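As an added example (not part of the question or the answer above), here is a route-up style helper that does what the answer describes: it installs a /32 host route for one remote IP via the pre-VPN LAN gateway, so traffic to that host bypasses the tunnel while everything else keeps using the VPN default route. The names BYPASS_TARGET, LAN_GW, LAN_DEV and the DRY_RUN switch are assumptions of this example; route_net_gateway is the pre-existing default gateway that OpenVPN exports to route-up scripts.

```shell
#!/bin/sh
# Added example, not from the original post. Installs a /32 host route for one
# target IP via the pre-VPN LAN gateway so traffic to that host bypasses the
# tunnel. A /32 wins longest-prefix match over the VPN's default (or
# 0.0.0.0/1 + 128.0.0.0/1) routes, whatever port the traffic uses.
# BYPASS_TARGET, LAN_GW, LAN_DEV and DRY_RUN are names assumed by this example;
# route_net_gateway is the pre-VPN gateway OpenVPN exports to route-up scripts.
set -eu

# Accept only a dotted-quad IPv4 address, so a bad environment value cannot
# turn into a malformed or overly broad route.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Compose the host-route command. "replace" keeps re-running route-up idempotent.
bypass_route_cmd() {
    is_ipv4 "$1" || { echo "bypass_route_cmd: bad target '$1'" >&2; return 1; }
    is_ipv4 "$2" || { echo "bypass_route_cmd: bad gateway '$2'" >&2; return 1; }
    printf 'ip route replace %s/32 via %s dev %s\n' "$1" "$2" "$3"
}

# Execute a command built above, or with DRY_RUN=1 only print it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$1"
    else
        # shellcheck disable=SC2086  # intentional word splitting of a command we built
        $1
    fi
}

main() {
    target=${BYPASS_TARGET:?set BYPASS_TARGET to the remote IP that must bypass the VPN}
    # Prefer the pre-VPN gateway OpenVPN hands to route-up scripts; else LAN_GW.
    if [ -n "${route_net_gateway:-}" ]; then
        gw=$route_net_gateway
    else
        gw=${LAN_GW:?set LAN_GW to the LAN default gateway}
    fi
    dev=${LAN_DEV:-wlan0}
    run "$(bypass_route_cmd "$target" "$gw" "$dev")"
    run "ip route flush cache"
}

# Only act when a target is configured, so the file can also be sourced.
if [ -n "${BYPASS_TARGET:-}" ]; then
    main
fi
```

Usage: `BYPASS_TARGET=203.0.113.10 DRY_RUN=1 sh bypass.sh` prints the commands; drop DRY_RUN and run as root (or reference the script from the OpenVPN config's route-up hook) to apply them. Note that a host route is keyed on the destination address, not on a port, which is why this approach needs the remote peer that must reach port 443 to have a fixed address.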