Netgate Discussion Forum

    On one LAN

      jimmybob

      Hi,

      At the moment OpenVPN when running is active on all LANs.
      How can I make it so that OpenVPN only works on specified LANs and the other LANs access the internet
      as normal?

      Thanks

        jimmybob

        Can anyone please help me with this?
        I'm concerned about locking myself out of the box if I mess up.

        Here is how I have it at the moment…

        LAN 1 ---> PC1
        LAN 2 ---> OPENVPN (PC2)
        LAN 3 ---> PC3
        LAN 4 ---> AP WIFI

        So as it currently stands with how I have OpenVPN configured is like this...

        Certificates:
        Peer Certificate Authority
        Client Certificate

        OpenVPN:
        Interface: WAN

        Interface:
        name: openvpn
        type: none (default)
        (rest as default)

        Firewall rules:
        LAN 2
        pass
        interface: lan2
        protocol: any
        type: lan 2 subnet
        destination: any  <---- is it this part that plays an important part?

        The firewall rules above I have set for all 4 LAN ports with the exception of gateway (as below) which is only set on LAN 2.

        gateway: openvpn

        But as it stands, when I have OpenVPN enabled, all LANs have VPN access. How can I force VPN on one of the LANs?

        thanks

          stephenw10 Netgate Administrator

          Check what the system default gateway is. It's in System: Routing:
          It looks like it's possibly using the OpenVPN gateway as the default rather than the WAN gateway.

          Steve

            jimmybob

            @stephenw10:

            Check what the system default gateway is. It's in System: Routing:
            It looks like it's possibly using the OpenVPN gateway as the default rather than the WAN gateway.

            Steve

            Hi Steve,

            System ---> Routing ---> Gateways = WAN (default).
            Details within are...
            Interface: WAN
            Name: WAN
            Gateway: Dynamic
            Default Gateway = ticked

              jimmybob

              I got it sorted. And I think this is the right way.
              Although I never tried this because I thought default was exactly that.

              So…
              Even though System ---> Routing ---> Gateways = WAN shows as default.
              If I did not specifically select the gateway in the firewall rule under gateway.
              Despite the fact it's set by default to DEFAULT which because of that you'd think it would use
              WAN since that's default right?
              Well to stop all adapters from using OpenVPN I had to actually specify WAN in the firewall rule under
              gateway.

                stephenw10 Netgate Administrator

                Ah, good to hear. I suspect that the OpenVPN connection is stealing the default gateway when it is brought up. There is an option to allow the default gateway to change but I can't remember where it is offhand. ::) I think it's disabled by default anyway.

                More likely is that the VPN adds a default route when it comes up. I think that is a changeable setting also. VPNs are not a strong point of mine, to be honest. :)

                Steve
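
Added example (not from either poster, and not Netgate code): a check for the situation suggested in the last reply, where the VPN adds routes that override the default while System: Routing still shows WAN as default. It assumes the tunnel uses OpenVPN's `redirect-gateway def1` behaviour, which adds 0.0.0.0/1 and 128.0.0.0/1 via the tunnel instead of replacing the default route; the routing table text, addresses and interface names (em0, em1, ovpnc1) are constructed.

```python
import ipaddress

# Constructed sample in the layout of `netstat -rn -f inet` on FreeBSD.
# Addresses and interface names are made up for this example.
SAMPLE = """\
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
0.0.0.0/1          10.8.0.5           UGS      ovpnc1
10.8.0.5           link#8             UH       ovpnc1
128.0.0.0/1        10.8.0.5           UGS      ovpnc1
192.168.2.0/24     link#2             U           em1
"""

def parse_routes(text):
    """Return [(IPv4Network, gateway, netif)] from netstat-style lines."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 4:
            continue
        dest = "0.0.0.0/0" if cols[0] == "default" else cols[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # header or other non-route line
        if net.version == 4:
            routes.append((net, cols[1], cols[3]))
    return routes

def best_route(routes, dst):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def default_overrides(routes):
    """Interfaces whose non-default routes together cover all of IPv4."""
    by_if = {}
    for net, _gw, netif in routes:
        if net.prefixlen > 0:  # ignore the real default route itself
            by_if.setdefault(netif, []).append(net)
    everything = ipaddress.ip_network("0.0.0.0/0")
    return sorted(i for i, nets in by_if.items()
                  if everything in ipaddress.collapse_addresses(nets))

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    print("internet traffic leaves via:", best_route(table, "198.51.100.7")[2])
    print("interfaces overriding the default:", default_overrides(table))
```

A firewall rule with an explicit gateway is policy-routed and does not consult this table, which is consistent with the fix reported above.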
