I am trying to route the traffic for 1 IP destination via the pfSense VPN client. The issue is that this server replies with an HTTP 302 Found reply which provides the new location for the server. This new IP changes from time to time and so when the client computer makes the new connection attempt, this connection bypasses the firewall rule that forces the use of the VPN gateway. I have thought of using Squid proxy for that IP destination alone but I cannot tell pfSense to bypass the proxy except for the original destination IP. I have also thought of using snort to trigger an alert with such 302 replies and send it to a UNIX socket being listened by a self-coded system deamon which adds the new server IP in an alias with the pfSense REST API. But before going that painful way I was wondering whether you come up with a simpler way to have it working.