Netgate Discussion Forum

    Allow Device to Avoid VPN and use open internet

    • PnetG

      Hi,

      I have a couple devices that connect to the internet using pfSense by way of a VPN, but I need for 2 of the wireless devices to connect to the open internet. How can I set up pfSense to allow 2 devices to connect to the open internet and the rest of the devices to continue to connect using VPN? I have tried to allow both devices using their IP to connect to the open internet by changing their gateway in the firewall to the open internet. That didn't work. Any help please?

      • Bob.Dig LAYER 8 @PnetG

        @PnetG said in Allow Device to Avoid VPN and use open internet:

        That didn't work.

        You did right, at least in theory. Now show some screenshots of what you did there exactly.

        • viragomann @PnetG

          @PnetG said in Allow Device to Avoid VPN and use open internet:

          I have tried to allow both devices using their IP to connect to the open internet by changing their gateway in the firewall to the open internet.

          You have to limit the destination to public ranges only and put this rule at the top of the rule set.

          To achieve this, create an alias for RFC 1918 networks and add all private IP ranges to it. Then state this alias as destination in your policy routing rule.

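The rule order and destination limit described in the answer above, modelled as an added example (not code from the thread or from pfSense): a simplified first-match evaluator that also audits which hosts leave outside the VPN. The addresses, the gateway names `WAN_DHCP` and `VPN_GW`, and the rule format are assumptions, and the RFC 1918 alias is assumed to be used with invert match so the rule covers public destinations only.

```python
import ipaddress

# Alias holding the RFC 1918 private ranges, as suggested in the answer above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(dst):
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in RFC1918)

def rule_matches(rule, src, dst):
    if ipaddress.ip_address(src) not in ipaddress.ip_network(rule["src"]):
        return False
    if rule["dst"] == "!RFC1918":   # alias with invert match: public destinations only
        return not is_private(dst)
    return True                     # destination "any"

def gateway_for(rules, src, dst):
    """Interface rules are evaluated top-down; the first match wins."""
    for rule in rules:
        if rule_matches(rule, src, dst):
            return rule["gw"]
    return "blocked"                # implicit default deny

# Constructed LAN rule set: gateway names and addresses are assumptions.
BYPASS = [{"src": ip + "/32", "dst": "!RFC1918", "gw": "WAN_DHCP"}
          for ip in ("192.168.1.50", "192.168.1.51")]
VPN_ALL = [{"src": "192.168.1.0/24", "dst": "any", "gw": "VPN_GW"}]
GOOD_ORDER = BYPASS + VPN_ALL       # bypass rules on top
BAD_ORDER = VPN_ALL + BYPASS        # bypass rules are never reached

def audit(rules, lan_hosts, allowed_bypass, probe="1.1.1.1"):
    """Hosts that reach a public address outside the VPN without being allowed to."""
    return [h for h in lan_hosts
            if gateway_for(rules, h, probe) != "VPN_GW" and h not in allowed_bypass]

if __name__ == "__main__":
    hosts = ["192.168.1.%d" % i for i in (10, 50, 51)]
    for h in hosts:
        print(h, gateway_for(GOOD_ORDER, h, "1.1.1.1"), gateway_for(BAD_ORDER, h, "1.1.1.1"))
    print("unexpected bypass:", audit(GOOD_ORDER, hosts, {"192.168.1.50", "192.168.1.51"}))
```

Running `audit` against a copy of the real rule set after every change shows whether a widened source network lets additional hosts leave outside the VPN.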
          • PnetG @viragomann

            @viragomann I tried that option and it looks like the devices are not able to connect to the internet at all now. Trying to work around the vpn gateways and have the devices only connect to the ISP. I realized I didn't say that in my first post.

            • viragomann @PnetG

              @PnetG
              So what do you get?

              Do you have an outbound NAT rule in place on WAN for the concerned devices?

              • marcelobeckmann @PnetG

                @PnetG maybe you can create two Client Specific Overrides for these 2 devices.
                Reading man openvpn, --redirect-gateway is the option that is passed to all devices, to force internet access via VPN.
                For these 2 specific devices, you can pass:
                redirect-gateway !ipv4 (or !ipv6 too)
                to not redirect gateway (and then these 2 devices can access internet directly).

                Another option is using the "pull-filter ignore ...." on the .ovpn|.conf files for these 2 devices, to make them ignore the redirect-gateway pushed by the OpenVPN server to them (see man openvpn).

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.