Netgate Discussion Forum

    How do I exclude local IPs from VPN client/connection?

      hotsauce81

      Hi,

      I am running pfSense 2.03 and it has been working flawlessly for who months now.
      I have set up a VPN client to Astrill and all traffic goes through that. (I found a guide somewhere)

      The issue now is that I have some devices here (i.e. Sonos) that I need to exclude from the outgoing VPN connection. And I simply don't know how to set that up.

      For information, my Sonos IP is 10.0.0.23

      And here are some screens:

      Can somebody please help me with this?

      Nicholas

        phil.davis

        I guess you have made the OpenVPN an interface, and added a firewall rule on LAN that uses policy-routing and sends everything on LAN to the OpenVPN interface.
        You could:
        a) Make an alias for the IPs you do not want to redirect - SonosAlias
        b) i) edit the rule so it is source !SonosAlias - then Sonos IPs will fall through to take the default rule/s. or;
          ii) Add a rule above the policy-routing rule - Pass source SonosAlias, destination all. The Sonos IPs will match that rule first, and not get policy-routed.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          hotsauce81

          Thank you for your reply, Phil!

          I have made the alias:

          added a new rule:

          details:

          But it ain't flying :(

            phil.davis

            The rule needs to be on LAN, where (hopefully) your policy-routing rule is that sends LAN traffic to OpenVPN. This new rule needs to go before the policy-routing rule. It is traffic originating from LAN that you want to control.

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
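
The rule placement discussed in this thread, as an added example that is not part of any post: a small Python model of top-down, first-match rule evaluation on the interface where traffic enters. Only 10.0.0.23 and the SonosAlias name come from the thread; the LAN subnet, interface labels and gateway names are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed names: only 10.0.0.23 and "SonosAlias" come from the thread.
DEFAULT_GW = "DEFAULT_ROUTE"   # no gateway set on the rule: routing table decides
VPN_GW = "VPN_GW"              # hypothetical gateway of the OpenVPN client interface
ALIASES = {"SonosAlias": ["10.0.0.23/32"]}

@dataclass
class Rule:
    interface: str                  # tab the rule is placed on
    source: str                     # alias name, CIDR, or "any"
    negate: bool = False            # True models "source !Alias"
    gateway: Optional[str] = None   # set = policy-routing rule

    def matches(self, iface: str, src: str) -> bool:
        if iface != self.interface:     # rules only see traffic entering their interface
            return False
        if self.source == "any":
            return not self.negate
        nets = ALIASES.get(self.source, [self.source])
        hit = any(ip_address(src) in ip_network(n) for n in nets)
        return hit != self.negate

def egress(rules: list, iface: str, src: str) -> str:
    """Gateway used for a new connection from src entering on iface."""
    for rule in rules:                  # top-down, first match wins
        if rule.matches(iface, src):
            return rule.gateway or DEFAULT_GW
    return "BLOCKED"                    # no pass rule matched

POLICY = Rule("LAN", "10.0.0.0/24", gateway=VPN_GW)   # assumed LAN subnet
DEFAULT_LAN = Rule("LAN", "any")
BYPASS = Rule("LAN", "SonosAlias")

# Two placements the last reply rules out, then options b) ii and b) i.
WRONG_INTERFACE = [Rule("OPENVPN", "SonosAlias"), POLICY, DEFAULT_LAN]
BELOW_POLICY = [POLICY, BYPASS, DEFAULT_LAN]
OPTION_B_II = [BYPASS, POLICY, DEFAULT_LAN]
OPTION_B_I = [Rule("LAN", "SonosAlias", negate=True, gateway=VPN_GW), DEFAULT_LAN]

if __name__ == "__main__":
    for name in ("WRONG_INTERFACE", "BELOW_POLICY", "OPTION_B_II", "OPTION_B_I"):
        rules = globals()[name]
        print(name, egress(rules, "LAN", "10.0.0.23"), egress(rules, "LAN", "10.0.0.50"))
```

In the two misplaced rulesets the Sonos address still leaves through the VPN gateway; in both of the suggested options it takes the default route while every other LAN host stays on the VPN.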
