Netgate Discussion Forum

OpenVPN and PIA - only route one host?

4 Posts 4 Posters 1.4k Views

dcparker

hey all,

I've been googling this and experimenting a bunch but can't seem to figure it out. I have OpenVPN connected to PIA running on my pfSense box. I am able to get all clients to connect through the VPN, or none. I'd like to only send a specific host.

Here's what I've tried:

adding route-nopull to the OpenVPN config, and using LAN firewall rules to route the specific host to the PIA gateway I've created. I've also tried without that option and no luck. I've got OpenVPN bound to the WAN interface.

Even if I disable the firewall rules, everything seems to go through the VPN. The only way I can get the VPN to not take over is the route-nopull, but then I can't get the actual host I want to go through. Does anyone have any tips? I can post whatever config is needed.

ps - I have all the NAT rules and everything set up, so the VPN works, I just don't want some of my devices using it.

tmacka88

hey mate,

any success?

I am trying to do the same thing but no one seems to reply to anything in this forum unfortunately.

Cheers

lt1360hp

Interested in this also. It would be interesting to tie this to a VLAN. In other words, all hosts tagged to a particular VLAN have their traffic routed to the PIA tunnel.

Ryu945

I spent a while figuring this out but eventually found someone that knew how to do it. From what I understand, you already have the VPNs themselves working, so the only thing left for you to do is to have specific clients going through specific VPNs. To do this you need to have what you consider a default VPN providing internet to everything first. I usually restart VPNs until this is working correctly and it seems to continue working, but it may also have to do with the fact my Outbound NAT has my default VPN rules above the other VPNs (I'm not exactly an expert on this).

The next thing you need to do is to put a static DHCP address on the clients you don't want to be using the default VPN. This is done at Status -> DHCP Leases.

Finally, you need to create a firewall rule that forces those static addresses through those alternate VPNs and place it above your rule that normally allows clients to get internet. If your static DHCP address for that client is 188.132.1.3 then the rule looks like:

Interface: LAN
Source: 188.132.1.3 (using single host or alias)
Destination: any
Gateway: <the name of your selected VPN>

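The ordering point in the post above (the per-host rule must sit above the general LAN allow rule) is easy to get wrong and easy to verify: pfSense compiles a rule with a gateway set into a pf `route-to` rule, and `pfctl -sr` prints the active ruleset in evaluation order. The script below is an added example, not from the thread or from pfSense itself; it checks that the `route-to` rule for the host appears before any catch-all pass rule. The `pfctl -sr` lines it parses are constructed samples, and the interface names (em1, ovpnc1), the tunnel gateway 10.8.0.5 and the LAN subnet are assumptions.

```shell
#!/bin/sh
# Added example: confirm a single-host policy-routing rule precedes the
# catch-all LAN rule in the loaded pf ruleset. On a real pfSense box replace
# the sample with the live ruleset:  pfctl -sr | check_policy_route HOST -
HOST="188.132.1.3"

# Constructed sample of `pfctl -sr` output (interface/gateway names assumed).
SAMPLE_RULES='pass in quick on em1 route-to (ovpnc1 10.8.0.5) inet from 188.132.1.3 to any flags S/SA keep state label "USER_RULE: host to PIA"
pass in quick on em1 inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"'

# check_policy_route HOST RULES
#   RULES is the ruleset text, or "-" to read it from stdin.
#   Returns 0 when a route-to rule for HOST exists and no catch-all pass
#   rule (no route-to, destination any) is evaluated before it.
check_policy_route() {
    host="$1"
    rules="$2"
    if [ "$rules" = "-" ]; then
        cat
    else
        printf '%s\n' "$rules"
    fi | awk -v host="$host" '
        # Policy rule: pass rule carrying route-to and matching this exact host.
        /^pass in/ && /route-to/ && index($0, "from " host " ") { policy = NR }
        # Catch-all: pass rule with no gateway whose destination is any.
        /^pass in/ && !/route-to/ && / to any/ { if (!catchall) catchall = NR }
        END {
            if (!policy) {
                print "FAIL: no route-to rule for " host; exit 1
            }
            if (catchall && catchall < policy) {
                print "FAIL: catch-all rule at line " catchall \
                      " is evaluated before policy rule at line " policy; exit 1
            }
            print "OK: " host " is policy-routed by rule at line " policy; exit 0
        }'
}

check_policy_route "$HOST" "$SAMPLE_RULES"
```

If the check fails with the catch-all message, the host's traffic follows the default gateway (or the default VPN) exactly as the earlier posts describe, because pf stops at the first matching `quick` rule.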
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.