Unusual configuration, need help on setup



  • I'm looking to attach an OpenVPN VPN to a specific VLAN/subnet. I have the OpenVPN client set up, but by default it routes all of my LAN traffic over the VPN. I only want to route 192.168.20.0/24 over it. How should I approach this?



  • That is what happens with the pfSense default "Allow all" policy when the routing is properly done. So congratulations!

    To block the traffic I did:

    • First, I added one "quick" floating rule permitting my IP address to pass everything (like an anti-lockout rule to access the webGUI).

    • Secondly, I added another "quick" floating rule below it to block all IPv4/IPv6 traffic from all the subnets that have routes on the server, with every interface selected on this rule. I did this using an alias with every subnet that I wish to block.

    • Thirdly, above the previous rule I created another "quick" floating rule allowing only the desired subnets, or even single IPs, to pass.

    All interfaces maintained their "allow all" rule. From the moment you add a floating "quick" rule to block it all, you are bound to use floating "quick" rules above the "block all" to permit access to anything you need communicating.

    That is how I did it.
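
The rule order described in the answer above can be checked with a small model of pf's evaluation (an added example, not part of the original posts). Only 192.168.20.0/24 comes from the thread; the other addresses are constructed, and matching is simplified to the source address.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str        # "pass" or "block"
    src: list          # source networks (CIDR); stands in for a pfSense alias
    quick: bool
    label: str

def evaluate(rules, src_ip):
    """pf semantics: a matching quick rule ends evaluation immediately;
    without quick, the last matching rule wins. No match: default deny."""
    ip = ipaddress.ip_address(src_ip)
    verdict = ("block", "default deny")
    for r in rules:
        if any(ip in ipaddress.ip_network(n) for n in r.src):
            verdict = (r.action, r.label)
            if r.quick:
                break
    return verdict

# Constructed sample values (only 192.168.20.0/24 appears in the thread).
ADMIN = ["192.168.10.5/32"]
ALLOWED = ["192.168.20.0/24"]
BLOCKED_ALIAS = ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24"]

def ruleset(block_quick=True, allow_above_block=True):
    lockout = Rule("pass", ADMIN, True, "anti-lockout")
    allow = Rule("pass", ALLOWED, True, "allow desired subnets")
    block = Rule("block", BLOCKED_ALIAS, block_quick, "block alias")
    floating = [lockout, allow, block] if allow_above_block else [lockout, block, allow]
    # Floating rules are evaluated before the per-interface "allow all" rule.
    return floating + [Rule("pass", ["0.0.0.0/0"], True, "interface allow all")]

def demo():
    hosts = ["192.168.10.5", "192.168.20.7", "192.168.30.9"]
    return {
        "as described": [evaluate(ruleset(), h)[0] for h in hosts],
        "block above allow": [evaluate(ruleset(allow_above_block=False), h)[0] for h in hosts],
        "block without quick": [evaluate(ruleset(block_quick=False), h)[0] for h in hosts],
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20} {result}")
```

The second and third cases show the two ways the setup fails: a block placed above the allow rule cuts off the desired subnet, and a block without "quick" is overridden by the interface's "allow all" rule.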