Netgate Discussion Forum

    OpenVPN Client on only one subnet

    • gagootron

      I tried to connect my pfSense box to a VPN (by Cyberghost). But it seems that pfSense automatically tries to route all my subnets through the VPN, but I only want my LAN subnet to go through, while my Wifi and guest networks should go straight to WAN.

      I have set the outbound NAT to manual and changed the config for the LAN to go through the VPN connection and also added fitting firewall rules.

      Now when I connect my VPN client:
      LAN can access the Internet with a VPN public IP.
      Wifi can't access the Internet at all.

      When I change the client to not pull routes from the server:
      LAN can access the Internet with my public IP (only the Cyberghost website says I have a VPN IP. Other sites still say I got my public one).
      Wifi can access the Internet with my public IP.

      The result I want:
      LAN can access the Internet with a VPN public IP.
      Wifi can access the Internet with my public IP.

      I also want to be able to disconnect my VPN client and have LAN go with my private IP.

      Any help is welcome.

      • Derelict LAYER 8 Netgate

        Check "Don't pull routes" and policy route LAN traffic to the VPN gateway.

        Or, leave "Don't pull routes" unchecked and policy route Wifi out the WAN gateway.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
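
The two options from the reply above, written out as pf rules. This is an added illustration, not text from the thread and not pfSense's generated ruleset; every interface name, subnet and gateway address is a constructed placeholder. In the pfSense GUI the `route-to` part corresponds to the Gateway field in a firewall rule's advanced options.

```pf
# Constructed placeholders (assumptions, not values from the thread)
wan_if   = "igb0"             # WAN interface
lan_if   = "igb1"             # LAN interface
wifi_if  = "igb2"             # Wifi interface
vpn_if   = "ovpnc1"           # OpenVPN client interface
lan_net  = "192.168.1.0/24"
wifi_net = "192.168.2.0/24"
wan_gw   = "203.0.113.1"      # ISP gateway (documentation address range)
vpn_gw   = "10.8.0.1"         # gateway at the far end of the tunnel

# Manual outbound NAT has to match the interface each subnet leaves on:
# LAN is translated on the VPN interface, Wifi on WAN. A subnet that is
# routed to an interface with no translation rule for it sends its
# private source address out and gets no usable replies.
nat on $vpn_if inet from $lan_net  to any -> ($vpn_if)
nat on $wan_if inet from $wifi_net to any -> ($wan_if)
# LAN also needs a WAN translation if it is ever to leave via WAN.
nat on $wan_if inet from $lan_net  to any -> ($wan_if)

# Option 1: "Don't pull routes" checked. The default route stays on WAN
# and only LAN is policy routed into the tunnel.
pass in quick on $lan_if  route-to ($vpn_if $vpn_gw) inet from $lan_net  to any keep state
pass in quick on $wifi_if                            inet from $wifi_net to any keep state

# Option 2: "Don't pull routes" unchecked. The routes pushed by the VPN
# server carry unmatched traffic into the tunnel, so Wifi is the subnet
# that gets an explicit gateway. Use these two rules instead of the
# Option 1 pair:
# pass in quick on $lan_if                             inet from $lan_net  to any keep state
# pass in quick on $wifi_if route-to ($wan_if $wan_gw) inet from $wifi_net to any keep state
```

Whichever option is used, each subnet's egress interface in the filter rules and in the outbound NAT rules has to agree.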

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.