Use VPN for specific domains

I have several services that are served by a CDN (cloudfront) so they are public. The current setup is to have all VPN traffic go through the instance so the WAF can only allow that specific IP to a specific domain (like on cloudfront). Saw the post below but wanted to verify that this is still not possible either on the server side or client side to only route traffic over the vpn when the domain matches.


There’s still no option to route domains.

In my case, we needed only certain routes (specific domains) to go through the VPN. These routes were behind AWS load balancers (which change IP addresses from time to time).

We implemented monitoring on the LoadBalancer IPs using Zabbix, and as soon as a change is detected, a remote command is executed using the Pritunl API to shut down the server, remove the current routes (based on some comment, for example: “Route added via script”), resolve the LoadBalancer CNAME to the A record (IPs), and add these IPs as routes in the VPN.

It’s not the best of worlds, but it solved our problem.
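The reconciliation loop described in the reply above, written out as an added example (my code, not the poster's script and not Pritunl's): resolve the load balancer name to its current A records, compare them with the routes the script previously added (recognised by their comment), and only when something differs stop the server, swap the host routes, and start it again. The Pritunl endpoint paths (`/server/<id>/route`, `/server/<id>/operation/stop|start`), the `id` field on route objects, and the `Auth-Token`/`Auth-Timestamp`/`Auth-Nonce`/`Auth-Signature` HMAC-SHA256 signing scheme are taken from the public API documentation as I know it and should be checked against the version you run; the hostname, addresses and server id are constructed. The transport is injectable so the logic can be dry-run offline with a fake.

```python
"""Reconcile a Pritunl server's routes with the A records behind a load-balancer CNAME.

Assumptions (not from the original thread): Pritunl endpoint paths, the `id` field on
route objects and the HMAC-SHA256 header scheme follow the public API docs as I know
them; verify against your version.  Example code, not Pritunl's own.
"""
import base64
import hashlib
import hmac
import ipaddress
import json
import socket
import time
import uuid

ROUTE_COMMENT = "Route added via script"   # marks the routes this script owns


def resolve_a_records(hostname, resolver=None):
    """IPv4 addresses the name currently resolves to (getaddrinfo follows the CNAME chain).
    `resolver` lets a caller inject a fake for offline runs."""
    if resolver is None:
        def resolver(name):
            return {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}
    return set(resolver(hostname))


def wanted_routes(ips):
    """Each load-balancer address becomes a /32 host route; a malformed string fails here."""
    return {f"{ipaddress.IPv4Address(ip)}/32" for ip in ips}


def plan_route_changes(existing_routes, wanted):
    """existing_routes: route dicts as returned by GET /server/<id>/route.
    Only routes tagged with ROUTE_COMMENT are ever removed, and a wanted network that
    already exists as someone else's route is left alone instead of being added twice."""
    present = {r["network"] for r in existing_routes}
    managed = {r["network"] for r in existing_routes if r.get("comment") == ROUTE_COMMENT}
    to_remove = sorted(managed - wanted)
    to_add = sorted(wanted - present)
    return to_remove, to_add


def pritunl_auth_headers(api_token, api_secret, method, path, body=None, now=None, nonce=None):
    """Request signing: base64(HMAC-SHA256(secret, token&timestamp&nonce&METHOD&path[&body])).
    `now` and `nonce` are overridable only so the output can be made deterministic in tests."""
    timestamp = str(int(time.time() if now is None else now))
    nonce = nonce or uuid.uuid4().hex
    parts = [api_token, timestamp, nonce, method.upper(), path]
    if body:
        parts.append(body)
    digest = hmac.new(api_secret.encode(), "&".join(parts).encode(), hashlib.sha256).digest()
    return {
        "Auth-Token": api_token,
        "Auth-Timestamp": timestamp,
        "Auth-Nonce": nonce,
        "Auth-Signature": base64.b64encode(digest).decode(),
        "Content-Type": "application/json",
    }


def sync_routes(api_token, api_secret, server_id, hostname, http, resolver=None):
    """One reconciliation pass.  `http(method, path, headers, body) -> parsed JSON` performs
    the request (urllib, requests or a fake).  The server is stopped and restarted only when
    the route set actually differs, so a scheduled run is a no-op most of the time."""
    def call(method, path, payload=None):
        body = json.dumps(payload) if payload is not None else None
        headers = pritunl_auth_headers(api_token, api_secret, method, path, body)
        return http(method, path, headers, body)

    wanted = wanted_routes(resolve_a_records(hostname, resolver))
    existing = call("GET", f"/server/{server_id}/route")
    to_remove, to_add = plan_route_changes(existing, wanted)
    if not to_remove and not to_add:
        return to_remove, to_add          # converged: do not bounce the VPN

    call("PUT", f"/server/{server_id}/operation/stop")
    for route in existing:
        if route["network"] in to_remove:
            call("DELETE", f"/server/{server_id}/route/{route['id']}")
    for network in to_add:
        call("POST", f"/server/{server_id}/route",
             {"network": network, "comment": ROUTE_COMMENT, "nat": True})
    call("PUT", f"/server/{server_id}/operation/start")
    return to_remove, to_add


def urllib_http(base_url):
    """Real transport for sync_routes, standard library only (base_url e.g. https://vpn.example)."""
    import urllib.request

    def http(method, path, headers, body):
        data = body.encode() if body else None
        req = urllib.request.Request(base_url + path, data=data, headers=headers, method=method)
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else None
    return http
```

Run it from cron or as the Zabbix remote command with `sync_routes(token, secret, server_id, "lb.example.internal", urllib_http("https://vpn.example"))`; because unmanaged routes are never touched and a converged state produces no stop/start, it is safe to call far more often than the load balancer actually changes.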