tl;dr: Force or block traffic through VPN only for a few websites and only using the domain names.
Hi everyone,
I set up a VPN server using OpenVPN for a company I work with.
We'd like to hide our backoffice and administration platforms behind the VPN so that they can only be reachable by connected and allowed users.
I achieved this by setting up the VPN server on an EC2 and adding a WAF rule to the Cloudfront distribution to only allow traffic from the IP of the VPN server.
However this works by routing all traffic through the VPN, which isn't ideal since the bandwidth of the server is limited.
In an ideal world, we'd route only the traffic to our platforms through the VPN and let everything be routed to the internet.
In a less ideal world, we'd route everything through the VPN but allow the bandwidth-hungry platforms such as Spotify or YT to go through the internet instead.
The problem is, routing is done at the IP level so we can't route traffic depending on the domain, and our platforms are behind Cloudfront distributions, so using the IPs is out of the question.
Is there a way to separate the traffic like this? Is there a way to allow users to be connected at all times to the VPN, but route traffic to the internet or the VPN when needed using the domain names?