Unusual configuration, need help on setup
-
I'm looking to attach an OpenVPN VPN to a specific VLAN/subnet. I have the OpenVPN client set up, but by default it routes all of my LAN traffic over the VPN. I only want to route 192.168.20.0/24 over it. How should I approach this?
-
That is what happens with the pfSense default "Allow all" policy and when the routing is properly done. So congratulations!
To block the traffic I did:
-
First, I added one "quick" floating rule permitting my IP address to pass everything (like an anti-lockout rule to access the web GUI).
-
Secondly, I added another "quick" floating rule below it to block all IPv4/6 traffic from all the subnets that have routes on the server, with every interface selected on this rule. I did this using an alias with every subnet that I wish to block.
-
Thirdly, above the previous rule I created another "quick" floating rule allowing only the desired subnets, or even single IPs, to pass.
All interfaces maintained their "allow all" rule. From the moment you add a floating "quick" rule to block it all, you are bound to use floating "quick" rules above the "block all" to permit access to anything you need communicating.
That is how I did it.
-
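An added illustration, not part of the original posts: a small Python model of the rule order the answer describes, showing that the first matching floating "quick" rule decides and that the interface "allow all" rule is only reached when no floating rule matches. The admin IP, the alias members other than 192.168.20.0/24, and the function names are constructed for the example.

```python
import ipaddress

# Constructed sample values; only 192.168.20.0/24 appears in the thread.
ADMIN_IP = "192.168.1.10"
ALLOWED = ["192.168.20.0/24"]
ROUTED_ALIAS = ["192.168.1.0/24", "192.168.10.0/24", "192.168.20.0/24"]

# Floating "quick" rules, top to bottom, in the final order from the answer:
# anti-lockout, then the allow rule, then the block-everything alias rule.
FLOATING_QUICK = [
    ("pass", [ADMIN_IP + "/32"], "anti-lockout"),
    ("pass", ALLOWED, "allowed subnets"),
    ("block", ROUTED_ALIAS, "block routed subnets"),
]


def evaluate(src, floating=FLOATING_QUICK):
    """Return (action, rule label) for a source IP; first quick match wins."""
    addr = ipaddress.ip_address(src)
    for action, nets, label in floating:
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return action, label
    # No floating quick rule matched: the interface "allow all" rule decides.
    return "pass", "interface allow all"


def misordered():
    """Same three rules with the block moved above the allow rule."""
    return [FLOATING_QUICK[0], FLOATING_QUICK[2], FLOATING_QUICK[1]]


if __name__ == "__main__":
    for ip in ("192.168.1.10", "192.168.20.5", "192.168.10.7", "10.0.0.1"):
        print(ip, evaluate(ip))
    # With the block rule above the allow rule, the allowed subnet is cut off.
    print("misordered", evaluate("192.168.20.5", misordered()))
```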