  • I have a persistent VPN between 3 locations. The virtual interface for this is 192.168.1.x, which is my subnet (ovpn server). 10.10.1.x and 10.10.2.x are the remote subnets of the clients. This has been working fine for years.

    I want to sign up for PIA or another provider so I can encrypt all my outgoing internet traffic. This would be for the 192.168.1.x subnet. I can set up the OpenVPN client tunnel on my own.

    My question is what is the route I need to push only traffic originating on the 192.168.1.x destined for the internet out the newly created VPN? I don't want any of the traffic destined for the virtual interface or the 10.10.1.x and 10.10.2.x subnets using the pia VPN. That should be routed out the wan with no pia vpn.

  • In the settings for the PIA client check "Don't pull routes" so that you don't get pushed the default route from the server.

    Then set up a policy routing rule like this:
    Add an alias "NoPIA" first and add the networks 10.10.1.x, 10.10.2.x and your pfSense LAN address to it.
    Add a firewall pass rule to your LAN (192.168.1.x):
    source: LAN net (the 192.168.1.x network)
    destination: check "invert match" and enter the alias "NoPIA"
    Open the advanced options, go to gateway and select the PIA gateway.

    You have to assign an interface to the PIA-VPN first.
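    The same policy route expressed as raw pf rules, added here as an illustration of what the GUI steps above produce and not taken from the thread or from pfSense's generated ruleset. The interface names, the gateway address 10.x.x.1 and the LAN address 192.168.1.1 are assumptions; substitute your own.

    ```pf
    # Interfaces and networks (assumed names/values)
    lan_if  = "em1"            # pfSense LAN interface
    pia_if  = "ovpnc1"         # interface assigned to the PIA OpenVPN client
    pia_gw  = "10.x.x.1"       # PIA tunnel gateway (placeholder)
    lan_net = "192.168.1.0/24"

    # Alias "NoPIA": destinations that must NOT leave via PIA
    #   - remote site-to-site subnets reached over the existing VPN
    #   - the pfSense LAN address itself (DNS, web GUI, etc.)
    table <NoPIA> { 10.10.1.0/24, 10.10.2.0/24, 192.168.1.1 }

    # LAN -> everything except <NoPIA>: policy-route through the PIA tunnel.
    # "quick" makes this first-match, like a pfSense GUI rule.
    pass in quick on $lan_if inet from $lan_net to ! <NoPIA> \
        route-to ($pia_if $pia_gw) keep state

    # LAN -> <NoPIA>: ordinary pass, so the normal routing table (site-to-site
    # routes and the WAN default route) is used. Without "Don't pull routes"
    # the PIA server's pushed default would override that table.
    pass in quick on $lan_if inet from $lan_net to <NoPIA> keep state
    ```

    To check the result from a LAN host, traceroute to a 10.10.1.x address (should stay on the existing tunnel) and to a public address (first hop should be the PIA gateway). Also consider enabling "Skip rules when gateway is down" under System > Advanced > Miscellaneous, otherwise a down PIA tunnel can cause the policy rule to fall back to the default gateway and send internet traffic out the WAN unencrypted.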

