OpenVPN and PIA - only route one host?

  • hey all,

    I've been googling this and experimenting a bunch but can't seem to figure it out. I have OpenVPN connected to PIA running on my pfsense box. I am able to get all clients to connect through the VPN, or none. I'd like to only send a specific host.

    Here's what I've tried:

    adding route-nopull to the openvpn config, and using LAN firewall rules to route the specific host to the PIA gateway I've created. I've also tried without that option and no luck. I've got openvpn bound to the WAN interface.

    Even if I disable the firewall rules, everything seems to go through the VPN. The only way I can get the VPN to not takeover is the route-nopull, but then I can't get the actual host I want to go through. Does anyone have any tips? I can post whatever config is needed.

    ps - I have all the NAT rules and everything set up, so the VPN works, I just don't want some of my devices using it.

  • hey mate,

    any success?

    i am trying to do the same thing but no one seams to reply to anything in this forum unfortunately.


  • Interested in this also. It would be interesting to tie this to a vlan. In other words, all hosts tagged to a particular vlan their traffic is routed to the PIA tunnel.

  • I spent awhile figure this about but eventually found someone that knew how to do it.  From what I understand, you already have the VPNs themself working so they only thing left for your to do is to have specific client going through specific VPNs.  To do this you need to have what you consider a default VPN providing internet to everything first.  I usually restart VPNs until this is working correctly and it seems to continue working but it may also happen to do with the fact my Outbound NAT has my default VPN rules above the other VPNs (i'm not exactly an expert on this).

    The next thing you need to do is to put a static address DHCP address on the clients you don't want to be using the default VPN.  This is done at status -> DHCP leases.

    Finally, you need to create a firewall rule that that forces those static address through those alternate VPNs and place them above your rule that normally allows clients to get internet.  If your static dhcp address for that client is then the rule looks like:

    Interface: LAN
    Source:  (using single host or alias)
    Destination: any
    Gateway:<the name="" of="" your="" selected="" vpn=""></the>