    LAN OPT1 and VPN routing

    General pfSense Questions
    mudmanc4:

      LAN  = 192.168.0.0/24
      OPT1 = 180.180.0.0/24
      VPN  = 10.10.0.0/24

      Workstation1 on OPT1 uses VPN TUN for all traffic, and hits the exit node at the VPN.

      What would the proper procedure be to have workstation1 continue to use VPN for all traffic, yet bypass VPN in the case of the LAN network.

      Thanks for any suggestions or guidance.

        jarrad:

        Just to be clear:

        Your VPN client comes in on OPT1, and routes exit traffic to VPN? And you want all traffic to exit via VPN unless it's destined for LAN?

        I could be horribly wrong here, but you would need 2 rules:

        1. One that says route all traffic of all types to the VPN interface/gateway
        2. Above this rule a rule that says route all traffic of all types for the destination LAN network to the LAN.

        You would apply these rules to the OPT1 interface so that traffic on this interface routes as per those rules for your clients on OPT1.

        I believe (I'll be honest, I'm not 100% sure) that you might also need a rule on the LAN interface to accept traffic from the VPN interface and how to handle it (as in allow all from VPN destined for LAN), and also on the VPN interface, but those I am not 100% sure about, though I have a strong feeling you definitely need them.

        The rule order for OPT1 is important.

          mudmanc4:

          Thanks for the reply, and I should clarify to ensure we're on the same page:

          Workstation1 on (local) OPT1 subnet is connected to remote pfsense VPN server, and requires all external traffic to use this VPN.

          Workstation1 requires access to local LAN subnet.

          The VPN client on Workstation1 is set to redirect all traffic through VPN, this would require basic rules to allow OPT1 and LAN to communicate (already accomplished) ie: if Workstation1 VPN is not active, Workstation1 can access LAN subnet.

          So would this require adding a route in the VPN client, to allow only the LAN subnet?

            jarrad:

            @mudmanc4:

            Thanks for the reply, and I should clarify to ensure we're on the same page:

            So would this require adding a route in the VPN client, to allow only the LAN subnet?

            Reading what you wrote, I dare say yes, just pushing the route for the local LAN should be sufficient.

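As an added illustration of why jarrad's last answer works (this is not code from either poster), the host routing table on Workstation1 can be simulated with longest-prefix matching: an OpenVPN-style "redirect-gateway def1" installs 0.0.0.0/1 and 128.0.0.0/1 via the tunnel, and a more specific /24 for the LAN subnet pushed via the original gateway wins over them. The VPN type, the interface names and the gateway addresses are assumptions; the thread only says "VPN TUN".

```python
# Added example: longest-prefix-match lookup over a constructed routing table
# for Workstation1 (OPT1 host 180.180.0.x, tunnel 10.10.0.x). The VPN is
# assumed to be OpenVPN-style with "redirect-gateway def1"; the /32 host route
# to the VPN server's public address is omitted for brevity.
import ipaddress

# Each entry: (prefix, gateway, interface). Gateway addresses are constructed.
ROUTES = [
    ("0.0.0.0/0",      "180.180.0.1", "opt1"),  # original default via pfSense OPT1
    ("0.0.0.0/1",      "10.10.0.5",   "tun0"),  # installed by redirect-gateway def1
    ("128.0.0.0/1",    "10.10.0.5",   "tun0"),  # installed by redirect-gateway def1
    ("180.180.0.0/24", None,          "opt1"),  # directly connected OPT1 subnet
    ("10.10.0.0/24",   None,          "tun0"),  # directly connected VPN subnet
    # The route the thread arrives at: LAN subnet via the local (net_gateway)
    # router so it bypasses the tunnel.
    ("192.168.0.0/24", "180.180.0.1", "opt1"),
]

# Same table without the LAN bypass route, to show what happens before the fix.
ROUTES_NO_BYPASS = ROUTES[:-1]


def lookup(dst: str, routes=ROUTES):
    """Return (gateway, interface) chosen for dst by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return (best[1], best[2]) if best else (None, None)


def bypasses_vpn(dst: str, routes=ROUTES) -> bool:
    """True when dst is sent out the physical interface rather than the tunnel."""
    return lookup(dst, routes)[1] != "tun0"


if __name__ == "__main__":
    for dst in ("192.168.0.50", "203.0.113.9"):
        print(dst, "with bypass ->", lookup(dst),
              "| without ->", lookup(dst, ROUTES_NO_BYPASS))
```

Without the pushed LAN route, 192.168.0.50 falls into 128.0.0.0/1 and is sent into the tunnel, which is exactly the symptom described in the first post.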