OpenVPN Client on only one subnet



  • I tried to connect my pfSense box to a VPN (by CyberGhost). But it seems that pfSense automatically tries to route all my subnets through the VPN, but I only want my LAN subnet to go through, while my wifi and guest networks should go straight to WAN.

    I have set the outbound NAT to manual and changed the config for the LAN to go through the VPN connection and also added fitting firewall rules.

    Now when I connect my VPN client:
    LAN can access the Internet with a VPN public IP.
    Wifi can't access the Internet at all.

    When I change the client to not pull routes from the Server:
    LAN can access the Internet with my public IP (only the CyberGhost website says I have a VPN IP. Other sites still say I got my public one).
    Wifi can access the Internet with my public IP.

    The result I want:
    LAN can access the Internet with a VPN public IP.
    Wifi can access the Internet with my public IP.

    I also want to be able to disconnect my VPN client and have LAN go with my private IP.

    Any help is welcome.


  • LAYER 8 Netgate

    Check "Don't pull routes" and policy route LAN traffic to the VPN gateway.

    Or, leave "Don't pull routes" unchecked and policy route Wifi out the WAN gateway.
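
The two options from the reply above, run through a simplified model of the decision order (policy-routing rule first, then the routing table, then manual outbound NAT). This is an added example, not pfSense code and not from either poster; the subnets, NAT rules and address placeholders are constructed, and the NAT layout is an assumption chosen to match the symptoms in the question.

```python
import ipaddress

# Constructed addressing and NAT rules; the thread gives neither.
SUBNETS = {"LAN": "192.168.1.0/24", "WIFI": "192.168.2.0/24"}
# Manual outbound NAT as (egress interface, source network) pairs:
# LAN is translated on both interfaces, WIFI only on WAN (assumption).
NAT_RULES = {("VPN", "LAN"), ("WAN", "LAN"), ("WAN", "WIFI")}
PUBLIC_IP = {"VPN": "vpn-exit-ip", "WAN": "isp-ip"}  # placeholders


def egress(src_ip, pull_routes, policy_gateways):
    """Return (interface, public address seen) for an outbound connection.

    pull_routes: True when the client accepts the server-pushed default route.
    policy_gateways: {network: interface} for firewall rules with a gateway set.
    """
    src = ipaddress.ip_address(src_ip)
    net = next((n for n, cidr in SUBNETS.items()
                if src in ipaddress.ip_network(cidr)), None)
    if net is None:
        raise ValueError(f"{src_ip} is not in a modelled subnet")
    # 1. A matching rule with a gateway (policy routing) overrides the routing table.
    iface = policy_gateways.get(net)
    # 2. Otherwise the routing table decides; pulled routes make the VPN the default.
    if iface is None:
        iface = "VPN" if pull_routes else "WAN"
    # 3. Manual outbound NAT: without a rule for this interface and source,
    #    packets leave with a private source address and get no replies.
    if (iface, net) not in NAT_RULES:
        return iface, None
    return iface, PUBLIC_IP[iface]


def scenario(pull_routes, policy_gateways):
    """Evaluate one sample host per subnet under the given settings."""
    return {n: egress(ip, pull_routes, policy_gateways)
            for n, ip in (("LAN", "192.168.1.10"), ("WIFI", "192.168.2.10"))}


if __name__ == "__main__":
    for label, args in [("routes pulled, no policy rules", (True, {})),
                        ("routes not pulled, no policy rules", (False, {})),
                        ("option 1: not pulled, LAN -> VPN", (False, {"LAN": "VPN"})),
                        ("option 2: pulled, WIFI -> WAN", (True, {"WIFI": "WAN"}))]:
        print(label, scenario(*args))
```

A result of `None` for the public address marks the case to check for on a real box: traffic leaving the VPN interface with no matching outbound NAT rule.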

