    How to route single client through openvpn tunnel

    • gschmidt

      Hi,

      On my pfSense router I have set up an OpenVPN client (ExpressVPN).
      I followed the "How to set up pfSense with ExpressVPN (OpenVPN)" on their site.
      The OpenVPN client is now UP in pfSense!
      However, the next steps they describe are routing the WAN traffic of all clients of the network (I have only one subnet, 192.168.1.0/24) through the VPN tunnel.
      I asked them if it is also possible to route only one client of my network through the VPN tunnel.
      The answer was: "not possible", but I get the feeling this should be possible…
      I stopped the setup at the point where I had to assign an interface to the OpenVPN client.

      Is this possible? And if so, what would be the next steps in pfSense?

      • JKnott

        Normally, only the traffic for the VPN client will be passed through the VPN.  Other traffic will not be passed through it.  That's just the way IP works in general.  That client should have an IP address in a subnet that's different from the main LAN and that is how routing is determined.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • gschmidt

          According to this video: https://www.youtube.com/watch?v=ov-xddVpxhc
          You can use firewall rules to exclude the hosts that you don't want to go through the VPN tunnel.
          So if you set static IPs for the hosts that use the VPN tunnel and make a firewall alias for the DHCP range and use this alias in a firewall rule which will pass the VPN tunnel and go through the WAN.
          Wouldn't that work?

          1 Reply Last reply Reply Quote 0
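The rule layout proposed in the last post, modelled as an added example (not code from the thread or from pfSense): LAN rules are evaluated top-down, first match wins, and each pass rule carries a gateway. The host address, DHCP range and gateway names are constructed assumptions, and the model assumes a rule whose gateway is down is skipped, so a VPN host falls through to the implicit deny instead of leaving via the WAN.

```python
import ipaddress
from dataclasses import dataclass


def ip_range(first, last):
    """Expand an inclusive address range into CIDR networks, like a range alias."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


# Constructed sample aliases; the thread only states the subnet 192.168.1.0/24.
ALIASES = {
    "VPN_HOSTS": [ipaddress.ip_network("192.168.1.10/32")],    # static-IP client
    "DHCP_RANGE": ip_range("192.168.1.100", "192.168.1.199"),  # everyone else
}


@dataclass
class Rule:
    source: str   # alias name matched against the packet's source address
    gateway: str  # hypothetical gateway name attached to the pass rule


# Order matters: the first matching rule decides where the traffic leaves.
LAN_RULES = [
    Rule("VPN_HOSTS", "VPN_GW"),   # static hosts go out through the tunnel
    Rule("DHCP_RANGE", "WAN_GW"),  # DHCP clients go straight out the WAN
]


def decide(src, gateways_up):
    """Return the gateway chosen for src, or "blocked" if no rule passes it."""
    ip = ipaddress.ip_address(src)
    for rule in LAN_RULES:
        if not any(ip in net for net in ALIASES[rule.source]):
            continue
        if rule.gateway in gateways_up:
            return rule.gateway
        # Assumption: a rule whose gateway is down is skipped, not rewritten
        # to use the default route, so evaluation continues with later rules.
    return "blocked"  # implicit deny: nothing matched


if __name__ == "__main__":
    for host in ("192.168.1.10", "192.168.1.150", "192.168.1.50"):
        print(host, decide(host, {"VPN_GW", "WAN_GW"}))
    print("192.168.1.10 with VPN down:", decide("192.168.1.10", {"WAN_GW"}))
```

A host that is in neither alias (for example a static address outside the DHCP range) matches nothing and is blocked, so every client has to be covered by one alias or the other.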