On OPNsense 26.1.9 my OpenVPN server pushes a route to make both IPv4 and IPv6 the default gateway. So all traffic goes over the tunnel.
route push "redirect-gateway def1 ipv6"
I would create an exclusion to cause the OpenVPN client to send some traffic to the local gateway instead of the OpenVPN tunnel
How do I achieve keeping the tunnel as the default gateway and excluding traffic for some subnets from entering the tunnel?
In the past I would have pushed a custom route to the client as follows:
route push "10.19.80.0 255.255.255.0 net_gateway"
I've looked at CSO (Client Specific Overrides) and there doesn't appear to be a custom settings field to allow it. (from memory this used to be available before the update to the new instance configuration GUI)