How to route a single client through an OpenVPN tunnel

    On my pfSense router I have set up an OpenVPN client (ExpressVPN).
    I followed the "How to set up pfSense with ExpressVPN (OpenVPN)" guide on their site.
    The OpenVPN client is now UP in pfSense!
    However, the next steps they describe are routing the WAN traffic of all clients of the network (I have only one /24 subnet) through the VPN tunnel.
    I asked them if it is also possible to route only one client of my network through the VPN tunnel.
    The answer was: "not possible", but I get the feeling this should be possible…
    I stopped the setup at the point where I had to assign an interface to the OpenVPN client.

    Is this possible? And if so, what would be the next steps in pfSense?

  • Normally, only the traffic for the VPN client will be passed through the VPN.  Other traffic will not be passed through it.  That's just the way IP works in general.  That client should have an IP address in a subnet that's different from the main LAN and that is how routing is determined.

  • According to this video
    You can use firewall rules to exclude the hosts that you don't want to go through the VPN tunnel.
    So if you set static IPs for the hosts that use the VPN tunnel and make a firewall alias for the DHCP range and use this alias in a firewall rule which will pass the VPN tunnel and go through the WAN
    Wouldn't that work?
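
The rule layout proposed in the last reply, modelled as an added Python example (not code from the thread or from pfSense). pfSense evaluates the rules on an interface top-down and the first match decides, so the sketch reports which gateway each source address would leave through and flags rules that can never match. All addresses, alias names and gateway names are constructed assumptions.

```python
import ipaddress

# Constructed values: addresses, alias names and gateway names are assumptions.
ALIASES = {
    "LAN_NET": [ipaddress.ip_network("192.168.1.0/24")],
    # Hosts with static IPs that should use the tunnel.
    "VPN_HOSTS": [ipaddress.ip_network("192.168.1.10/32")],
    # DHCP pool .100-.199 expressed as CIDR blocks.
    "DHCP_RANGE": list(ipaddress.summarize_address_range(
        ipaddress.ip_address("192.168.1.100"),
        ipaddress.ip_address("192.168.1.199"))),
}

# LAN rules in top-down order as (source alias, gateway).
RULES = [("DHCP_RANGE", "WAN_GW"), ("VPN_HOSTS", "EXPRESSVPN_GW")]


def egress_gateway(src, rules=RULES):
    """Return the gateway of the first rule whose source alias contains src."""
    addr = ipaddress.ip_address(src)
    for alias, gateway in rules:
        if any(addr in net for net in ALIASES[alias]):
            return gateway
    return "BLOCKED"  # no rule matched: default deny


def shadowed(rules):
    """List aliases whose rule can never match because earlier rules cover it.

    Simplification: each network must sit inside one earlier network.
    """
    hidden, seen = [], []
    for alias, _ in rules:
        nets = ALIASES[alias]
        if seen and all(any(n.subnet_of(s) for s in seen) for n in nets):
            hidden.append(alias)
        seen.extend(nets)
    return hidden


if __name__ == "__main__":
    for host in ("192.168.1.10", "192.168.1.150", "192.168.1.50"):
        print(host, "->", egress_gateway(host))
    # A catch-all LAN rule placed first hides the VPN rule below it.
    print(shadowed([("LAN_NET", "WAN_GW"), ("VPN_HOSTS", "EXPRESSVPN_GW")]))
```

In this model a statically addressed host that is in neither alias (192.168.1.50) matches no rule and is blocked, and a catch-all LAN rule placed above the VPN rule keeps the VPN rule from ever matching.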

