OpenVPN traffic should be out via LAN interface



  • Hello,

    I have configured pfSense with two interfaces, i.e. WAN and LAN, and they have different subnets. My traffic comes in via WAN and goes out via LAN. What I want to configure is that all other traffic, like system and package updates, is done via WAN, and only VPN traffic comes in through WAN and goes out via LAN. Is there any way so that only OpenVPN traffic goes out via LAN?



  • I don't understand what it is you wish to accomplish.

    Could you draw a schematic/diagram?
    (Free tools can be found here: http://www.techrepublic.com/blog/five-apps/five-free-apps-for-diagramming-your-network/)



  • Thanks for your response.
    I have two subnets, for instance:

    192.168.1.0 WAN – NAT enabled
    192.168.1.1 WAN GATEWAY

    192.168.2.0 LAN
    192.168.2.1 LAN GATEWAY

    In the default setting my traffic goes in and out via the WAN interface. What I want is that traffic should go out via LAN. For that I went to "Routing" and used the LAN gateway as the default gateway. Now my traffic comes in via WAN and goes out via LAN. By doing this, my server is now unable to get updates from the internet. Is it possible that I use the WAN gateway for server updates and only OpenVPN traffic goes out via the LAN gateway? Attached is the network diagram.



  • Rebel Alliance Global Moderator

    "192.168.2.1 LAN GATEWAY"

    Why would you have a gateway set on a pfSense LAN interface??? If you set up a gateway on "lan" it is no longer a LAN interface.

    The LAN side of pfSense should have no gateway. Do you have some downstream networks you need to get to? Then sure, you could set up a route to that. But if you have a downstream router and devices on your "lan" you're most likely going to run into an asymmetrical routing problem. If you have downstream networks from pfSense then they should be connected via a transit network.

    A drawing of your full network and what is trying to talk to what and from where would be most helpful. Why should pfSense use its LAN interface to talk to a VPN server? Do you mean clients from the WAN/internet side of pfSense should go through pfSense to get to some OpenVPN server?



  • Hi John,

    Is it possible that only TUN traffic goes out via "192.168.2.1 LAN GATEWAY" and pfSense uses the WAN gateway for updates etc.?



  • I have fixed it by using a pfSense rule :). Yessssssssss


  • Rebel Alliance Global Moderator

    There should not be a gateway set on your LAN… You mean you set up a gateway that uses your LAN interface to get to downstream network(s)?

    Yes, you can set up firewall rules to use specific gateways.

