Only have certain LAN hosts use OpenVPN tunnel?



  • Seems like this should be possible. I am doing a demo of NordVPN from their instructions here: https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/. It got me going very quickly. The only thing I did differently was their LAN firewall rule: instead of allowing any, I just put a /32 in there, thinking that would allow that host to use the VPN, and then all others would use the regular WAN.

    This never worked, so I went back and changed that rule to ANY. Still didn't work. I found out later that the instructions above were missing a part: System > Routing > Gateways, to set the new connection as the default gateway. This caused EVERYONE on my net to use the OpenVPN tunnel.

    I monkeyed around in there a bit, still can't figure out how to get just 1 host using the tunnel.



  • What did it for me, at least as far as preventing everyone from going through the VPN by default, was enabling the "Don't pull routes" option under VPN>OpenVPN>Clients>edit your VPN. It's the 2nd option above the Advanced Configuration header.

    All I need now is a 'Killswitch' so if the VPN goes down any client routed into the VPN doesn't just go back through the WAN.

    Hope this helped.

