OpenVpn Client on only one subnet



  • I tried to connect my PfSense box to a Vpn (by Cyberghost). But it seems that PfSense automatically tries to  route all my subnets through the vpn, but I only want my lan subnet to go through, while my wifi and guest networks should go straight to wan.

    I have set the outbund nat to manual and changed the config for the Lan to go through the VPN connection and also added fitting Firewall rules.

    Now when I connect my VPN client:
    Lan can access the Internet with a VPN public ip.
    Wifi can't access the Internet at all.

    When I change the client to not pull routes from the Server:
    Lan can access the Internet with my public IP (Only Cyberghost website says i have a VPN ip. Other sites still say I got my public one).
    Wifi can access the Internet with my public IP.

    The result I want:
    Lan can access the Internet with a VPN public ip.
    Wifi can access the Internet with my public IP.

    I also want to be able to disconnect my VPN client and have Lan go with my private IP

    Any help is welcome.


  • Netgate

    Check "Don't pull routes" and policy route LAN traffic to the VPN gateway.

    Or, leave "Don't pull routes" unchecked and policy route Wifi out the WAN gateway.