How do I exclude local IPs from VPN client/connection?

  • Hi,

    I am running pfsense 2.03 and it has been working flawlessly for who months now.
    I have set up a VPN client to Astrill and all traffic goes through that. (I found a guide somewhere.)

    The issue now is that I have some devices here (i.e. Sonos) that I need to exclude from the outgoing VPN connection. And I simply don't know how to set that up.

    For information my sonos IP is

    And here are some screens:

    Can somebody please help me with this?


  • I guess you have made the OpenVPN an interface, and added a firewall rule on LAN that uses policy-routing and sends everything on LAN to the OpenVPN interface.
    You could:
    a) Make an alias for the IPs you do not want to redirect - SonosAlias
    b) i) edit the rule so it is source !SonosAlias - then Sonos IPs will fall through to take the default rule/s. or;
      ii) Add a rule above the policy-routing rule - Pass source SonosAlias, destination all. The Sonos IPs will match that rule first, and not get policy-routed.

  • Thank you for your reply, Phil!

    I have made the alias:

    added a new rule:


    But it ain't flying :(

  • The rule needs to be on LAN, where (hopefully) your policy-routing rule is that sends LAN traffic to OpenVPN. This new rule needs to go before the policy-routing rule. It is traffic originating from LAN that you want to control.
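
Added example, not part of the thread and not pfSense code: a simplified first-match model of per-interface rule evaluation, showing why both suggested options work and why a bypass rule placed below the policy-routing rule, or on another interface's tab, has no effect. The addresses, the `ASTRILL_VPN` gateway name and the `OPENVPN` tab name are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

SONOS = "192.168.1.50/32"    # constructed stand-in for SonosAlias
LAN_NET = "192.168.1.0/24"   # constructed LAN subnet
VPN = "ASTRILL_VPN"          # hypothetical gateway name for the OpenVPN interface

@dataclass
class Rule:
    iface: str                # interface tab the rule is defined on
    source: str               # source network the rule matches
    negate: bool = False      # True models "source !SonosAlias"
    gateway: str = "default"  # "default" = routing table, anything else = policy-routed

    def matches(self, iface, src):
        # Rules are only consulted on the interface where the packet arrives.
        if iface != self.iface:
            return False
        hit = ipaddress.ip_address(src) in ipaddress.ip_network(self.source)
        return hit != self.negate

def egress(rules, iface, src):
    """Return the gateway of the first matching rule, or None (implicit deny)."""
    for rule in rules:
        if rule.matches(iface, src):
            return rule.gateway
    return None

# Option b) ii): pass rule for the alias above the policy-routing rule, both on LAN.
pass_above = [Rule("LAN", SONOS), Rule("LAN", LAN_NET, gateway=VPN)]
# Option b) i): policy-routing rule with negated source, default rule below it.
negated_source = [Rule("LAN", SONOS, negate=True, gateway=VPN), Rule("LAN", LAN_NET)]
# Failure modes: bypass rule below the policy rule, or on the wrong interface tab.
pass_below = [Rule("LAN", LAN_NET, gateway=VPN), Rule("LAN", SONOS)]
wrong_tab = [Rule("OPENVPN", SONOS), Rule("LAN", LAN_NET, gateway=VPN)]

if __name__ == "__main__":
    for name, rules in [("pass_above", pass_above), ("negated_source", negated_source),
                        ("pass_below", pass_below), ("wrong_tab", wrong_tab)]:
        print(name, "sonos ->", egress(rules, "LAN", "192.168.1.50"),
              "| other host ->", egress(rules, "LAN", "192.168.1.20"))
```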
