[Solved] Cannot access LAN when bypassing VPN



  • When I am connected to my VPN provider OVPN.com via OpenVPN there is no problem to reach LAN from my main PC.

    But in order to let my main PC bypass VPN sometimes I activate my VPN Bypass floating rule - see attached screenshots of config.
    Though when the bypass is activated I cannot access LAN anymore, not even ping..
    When I traceroute my main PC (192.168.2.5) from OPT2 it responds with 10.128.0.1, but when I traceroute from WAN or WLAN or anything else I get no response.
    I have not set any rules for OpenVPN or OPT2.

    I've tried to understand this for 3 days now.  :( Please help me out if you have a clue what's happening!

    See attached files for my configuration, I attached as much as I could think of that could be involved.
    ![VPN interfaces.PNG](/public/imported_attachments/1/VPN interfaces.PNG)
    ![VPN Floating.PNG](/public/imported_attachments/1/VPN Floating.PNG)
    ![VPN lan rules.PNG](/public/imported_attachments/1/VPN lan rules.PNG)
    ![VPN wlan rules.PNG](/public/imported_attachments/1/VPN wlan rules.PNG)
    ![VPN traceroute.PNG](/public/imported_attachments/1/VPN traceroute.PNG)
    ![VPN traceroute2.PNG](/public/imported_attachments/1/VPN traceroute2.PNG)


  • Rebel Alliance Global Moderator

    You're forcing traffic out your wan, so no you're not going to be able to access other networks that route through pfsense..

    Create a rule above where you force traffic out your vpn or wan that allows the traffic you want to your other lans..



  • @johnpoz:

    > You're forcing traffic out your wan, so no you're not going to be able to access other networks that route through pfsense..
    >
    > Create a rule above where you force traffic out your vpn or wan that allows the traffic you want to your other lans..

    Thank you very much!
    So I created a new floating rule above all with the settings as the screenshot attached below and it works now!
    Though could you please explain since it's not like what you said really, I just solved the problem another way?

    I tried different rules the way you explained. Like: Interface = OPT2, Source=truetype, Destination=LAN net, but with no success.

    ![VPN floating1.PNG](/public/imported_attachments/1/VPN floating1.PNG)


  • Netgate

    For clarity, I would put that on the WLAN interface and not use a floating rule there.

    Just put a pass rule with no gateway set above the rule that policy routes out OpenVPN.



  • @Derelict:

    > For clarity, I would put that on the WLAN interface and not use a floating rule there.
    >
    > Just put a pass rule with no gateway set above the rule that policy routes out OpenVPN.

    When I put it on the WLAN interface it doesn't work for me, I guess that's because floating rules are above all other rules anyhow?


  • Netgate

    It works if it is positioned ABOVE the policy-routing rule in the interface rule set.



  • @Derelict:

    > It works if it is positioned ABOVE the policy-routing rule in the interface rule set.

    Forgive me, I guess I mix up the terms…
    Please see attached screenshot, that is what I thought you meant by putting it on the WLAN interface.

    But now I made a new floating rule like the 2nd screenshot and it works, I guess that is what you meant is a more neat solution?

    ![WLAN rules.PNG](/public/imported_attachments/1/WLAN rules.PNG)
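
The rule-ordering effect discussed in this thread, as an added example that is not part of any post and not pfSense code: a small first-match model showing why a gateway-bound bypass rule cuts off local networks, and why a no-gateway pass rule only helps when it is evaluated before that rule. Assumptions: the floating rules are "quick" (first match wins, checked before interface rules), the PC sits on WLAN, and the LAN subnet and the gateway names `WAN_GW` and `OVPN_GW` are constructed; only 192.168.2.5 comes from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    src: str                        # source network (CIDR)
    dst: str                        # destination network (CIDR)
    gateway: Optional[str] = None   # None = no gateway set, use the routing table

def _in(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def evaluate(src, dst, floating, interface):
    """First match wins; floating (quick) rules are checked before interface rules."""
    for rule in floating + interface:
        if _in(src, rule.src) and _in(dst, rule.dst):
            # A gateway on the rule overrides the firewall's own routing table.
            return rule.name, rule.gateway or "routing table"
    return "default deny", None

PC = "192.168.2.5"            # from the thread
LAN_HOST = "192.168.1.10"     # constructed: LAN assumed to be 192.168.1.0/24
LAN_NET = "192.168.1.0/24"    # constructed
ANY = "0.0.0.0/0"

# Hypothetical rule names and gateways, modelled on the rules the posts describe.
bypass = Rule("VPN bypass", "192.168.2.5/32", ANY, gateway="WAN_GW")
vpn = Rule("policy route to VPN", "192.168.2.0/24", ANY, gateway="OVPN_GW")
local = Rule("pass to LAN, no gateway", "192.168.2.0/24", LAN_NET)

def scenarios():
    return {
        # Bypass active: LAN-bound packets are handed to the WAN gateway.
        "bypass floating": evaluate(PC, LAN_HOST, [bypass], [vpn]),
        # Pass rule on the WLAN tab: the floating bypass still matches first.
        "local on WLAN, bypass floating": evaluate(PC, LAN_HOST, [bypass], [local, vpn]),
        # Pass rule as the top floating rule: LAN traffic is routed normally.
        "local floating on top": evaluate(PC, LAN_HOST, [local, bypass], [vpn]),
        # Everything on the WLAN tab, pass rule above the policy-routing rules.
        "all on WLAN": evaluate(PC, LAN_HOST, [], [local, bypass, vpn]),
        # Internet traffic still bypasses the VPN in the fixed layout.
        "internet, all on WLAN": evaluate(PC, "203.0.113.7", [], [local, bypass, vpn]),
    }

if __name__ == "__main__":
    for name, (rule, path) in scenarios().items():
        print(f"{name:32} -> {rule} via {path}")
```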