Netgate Discussion Forum

OpenVPN Client on only one subnet

2 Posts 2 Posters 837 Views
  • G
    gagootron
    last edited by Dec 25, 2017, 2:06 PM

    I tried to connect my pfSense box to a VPN (by Cyberghost). But it seems that pfSense automatically tries to route all my subnets through the VPN, but I only want my LAN subnet to go through, while my Wifi and guest networks should go straight to WAN.

    I have set the outbound NAT to manual and changed the config for the LAN to go through the VPN connection and also added fitting firewall rules.

    Now when I connect my VPN client:
    LAN can access the Internet with a VPN public IP.
    Wifi can't access the Internet at all.

    When I change the client to not pull routes from the server:
    LAN can access the Internet with my public IP (only the Cyberghost website says I have a VPN IP. Other sites still say I got my public one).
    Wifi can access the Internet with my public IP.

    The result I want:
    LAN can access the Internet with a VPN public IP.
    Wifi can access the Internet with my public IP.

    I also want to be able to disconnect my VPN client and have LAN go with my private IP.

    Any help is welcome.

    • D
      Derelict LAYER 8 Netgate
      last edited by Dec 25, 2017, 8:39 PM

      Check "Don't pull routes" and policy route LAN traffic to the VPN gateway.

      Or, leave "Don't pull routes" unchecked and policy route Wifi out the WAN gateway.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)
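
The two options in the reply above, sketched as plain pf rules. This is an added illustration, not part of the thread and not the ruleset pfSense generates from its GUI; the interface names, subnets and gateway addresses are constructed placeholders.

```pf
# Constructed placeholder values (assumptions, not taken from the thread)
wan_if   = "em0"
lan_if   = "em1"
wifi_if  = "em2"
vpn_if   = "ovpnc1"            # OpenVPN client interface
lan_net  = "192.168.1.0/24"
wifi_net = "192.168.2.0/24"
wan_gw   = "203.0.113.1"       # ISP next hop
vpn_gw   = "10.8.0.1"          # next hop inside the tunnel

# Manual outbound NAT: each egress interface needs a translation rule for
# every subnet that may leave through it. LAN is listed on both interfaces
# so it can still reach the Internet via WAN when the VPN rule is not used.
nat on $vpn_if inet from $lan_net to any -> ($vpn_if)
nat on $wan_if inet from { $lan_net, $wifi_net } to any -> ($wan_if)

# Option 1: "Don't pull routes" checked.
# The routing table's default route stays on WAN, so only LAN needs an
# explicit gateway. route-to overrides the routing table for matching
# packets; Wifi simply follows the default route.
pass in quick on $lan_if  route-to ($vpn_if $vpn_gw) inet from $lan_net  to any keep state
pass in quick on $wifi_if                            inet from $wifi_net to any keep state

# Option 2: "Don't pull routes" unchecked (use INSTEAD of option 1).
# The server-pushed routes send everything into the tunnel by default,
# so Wifi is the subnet that needs the explicit gateway.
# pass in quick on $wifi_if route-to ($wan_if $wan_gw) inet from $wifi_net to any keep state
# pass in quick on $lan_if                             inet from $lan_net  to any keep state

# In both options route-to also applies to traffic for local destinations
# (other subnets, services on the firewall). Put a pass rule without
# route-to for those destinations above the policy-routing rule.
```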
