Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Howto opt out one address from OpenVPN? - Solved

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 1 Posters 484 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      JayArr
      last edited by

      Hi All

      I've got pfSense all set up and running great and I've also installed OpenVPN on it to connect to ExpressVPN. So far so good.

      The problem is that Netflix is refusing to connect when I use the VPN so I've been turning off the OpenVPN client for that subnet at night to watch TV. It's a PITA to have to stop and restart it every time someone in the house wants to watch TV.

      Is there a way to use the firewall rules to route one particular address directly to WAN without it going through the VPN? That way I could leave the OpenVPN client running all the time and still watch Netflix.

      My Interfaces are called:

      WAN (connected to the telco ADSL box)(soon to be fibre optic :-)  )
      LAN (connected to a Catalyst 3560 switch for all of the wired computers)
      Wireless (an added ethernet card in the server that connects to a Cisco EA3500 in Bridge mode for all the wireless devices)
      ExpressVPNVancouver
      ExpressVPNDenver

      LAN is one subnet and Wireless is another, pfSense runs a DHCP server on each but they don't overlap.

      The LAN subnet is routed through the ExpressVPN Vancouver Interface
      The Wireless subnet is routed through the ExpressVPN Denver Interface

      So…. I thought I could add rules to Wireless and WAN to route a single device through without any VPN:

      I tried:

      Pass, Interface=Wireless, Source=Singlehost-192.168.25.45, Destination=any, Gateway=WAN

      Pass, Interface=WAN, Source=WANnet, Destination=Singlehost-192.168.25.45, Gateway=WAN

      NAT Entry: Interface=WAN, Source=Network-192.168.25.45/32, Destination=any, Translation=Interface address

      I put all the new rules at the top of the list, saved and applied the changes.

      Any idea what I screwed up?

      JayArr

      1 Reply Last reply Reply Quote 0
      • J
        JayArr
        last edited by

        I got this working.

        I had way too many rules it seems, I followed a tutorial when I set things up that told me that for every rule I create on one interface like LAN I had to create the mirror on it's destination. I just disabled half my rules and everything is running fine.

        To opt out the one device I made one rule:

        Pass, Interface=Wireless, Source=Singlehost-192.168.25.45, Destination=any, Gateway=WAN

        No extra NAT rules or anything else and it works great

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.