Outbound policy openvpn

I added the OpenVPN client license and have it connected as an additional WAN.

On my MAX Transit dashboard I have
Priority 1
1.) Cellular connected
2.) OpenVPN connected

What I want to achieve is to route traffic to a few sites via the OpenVPN client, and route all other traffic via cellular.

Under Advanced → Outbound policy I have
Service
1.) “Whatsmyip Over VPN” - Algorithm Enforced - WAN: OpenVPN - Source Any - Destination domain www.whatsmyip.org - Protocol/Port Any
2.) “All other Traffic” - Algorithm Enforced - WAN: Cellular - Source Any - Destination Any - Protocol/Port Any
3.) HTTPS Persistence (default rule which I didn’t change)

However when I visit www.whatsmyip.org it still shows my cellular IP.

What am I doing wrong?

If I change 2.) “All other traffic” to route over WAN: OpenVPN, then www.whatsmyip.org shows the OpenVPN IP.

I tried changing the domain name in rule 1 to whatismyipaddress.com

and then visiting https://whatismyipaddress.com and it still shows my cellular IP.

I can’t seem to figure out how to direct traffic via the OpenVPN WAN based on destination domain. What am I missing?

It seems to work if I change rule1 to destination: “IP Address” and enter the IP address of either whatsmyip.org or whatismyipaddress.com but if I change that to destination “Domain Name” and enter either domain name, neither domain name is picked up by rule 1.

These are the domains that run in the backend when you are accessing https://whatismyipaddress.com/.

So, adding a domain rule with whatismyipaddress.com is not sufficient. Alternatively, you need to find out the public IPs of whatismyipaddress.com and route based on the IPs, as you did in your test.
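To make the point above concrete, here is an added model of how an ordered outbound policy is evaluated top-down with first match winning; it is written for this thread and is not Peplink's code. How the router matches a "Domain Name" destination is an assumption here (a flow matches when the hostname the client resolved equals the rule's domain or is a subdomain of it, and a flow with no known hostname never matches a domain rule); the backend hostname and the 203.0.113.10 address are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Model of first-match, top-down outbound policy evaluation (not Peplink's code).
# Assumption: a "domain" rule matches a flow only if the flow carries the hostname
# it was resolved from and that name equals, or is a subdomain of, the rule's domain.
@dataclass
class Rule:
    name: str
    wan: str
    dest_type: str               # "any", "domain" or "ip"
    dest: Optional[str] = None   # domain name, or an IP / CIDR for "ip"

@dataclass
class Flow:
    dst_ip: str
    hostname: Optional[str] = None   # name the client resolved, if known

def matches(rule: Rule, flow: Flow) -> bool:
    if rule.dest_type == "any":
        return True
    if rule.dest_type == "domain":
        if flow.hostname is None:
            return False
        host = flow.hostname.lower().rstrip(".")
        dom = rule.dest.lower().rstrip(".")
        return host == dom or host.endswith("." + dom)
    if rule.dest_type == "ip":
        return ipaddress.ip_address(flow.dst_ip) in ipaddress.ip_network(rule.dest, strict=False)
    raise ValueError(f"unknown destination type {rule.dest_type!r}")

def select_wan(rules: list, flow: Flow) -> str:
    """Walk the rules top-down; the first matching rule decides the WAN."""
    for rule in rules:
        if matches(rule, flow):
            return rule.wan
    raise LookupError("no rule matched; the catch-all rule should prevent this")

# Rules 1 and 2 from the thread (rule 3, HTTPS Persistence, pins a session to a
# WAN rather than selecting one, so it is left out of this model).
DOMAIN_RULES = [
    Rule("Whatsmyip Over VPN", "OpenVPN", "domain", "whatismyipaddress.com"),
    Rule("All other Traffic", "Cellular", "any"),
]

# Constructed flows: the page itself, a hypothetical backend host the page loads
# from another domain (name and IP made up here), and a flow with no hostname.
FLOWS = {
    "main page": Flow("104.16.154.36", "whatismyipaddress.com"),
    "backend asset": Flow("203.0.113.10", "assets.example-cdn.invalid"),
    "ip only": Flow("104.16.154.36"),
}
```

Under this model the backend asset falls through to the cellular rule even though the main page is routed via OpenVPN, which is why every backend domain (or the resolved IPs) has to be listed.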

OK, will continue to test.

I started by entering a single domain name hosted on a single server at a single IP address which only allows the OpenVPN IP to access, and it didn’t work.

Maybe I need to give it longer to apply the changes.

I’m assuming the rules should apply from the top down.

Then I started testing with whatsmyip.org and whatismyipaddress.com. I did a quick ping of whatismyipaddress.com, which returned 104.16.154.36, and when I entered that single IP address it returned my OpenVPN IP address consistently.

I’ve done another test.

With a domain name which is hosted on a single server and single IPv4 IP address, there is a subdirectory which allows access only to the OpenVPN IP address.

If on the MAX Transit rule 1 I enter destination: domain name and the domain name, I am blocked from access.

If on the MAX Transit rule 1 I enter destination: IP address and the IP address of that domain name, I am allowed to view,

or

If on the MAX Transit I change rule 2 to send all other traffic over the OpenVPN WAN, I am allowed to access.

So it seems that a rule to send traffic to the OpenVPN WAN based on destination: Domain Name doesn’t work. But a rule to send traffic to the OpenVPN WAN based on destination: IP Address does work.

This is with firmware 8.1.1 build 5040.