VPN bypassing(?) VPN

[and]

Hi, new here and to this level of networking equipment in general, it's been a pretty steep learning curve! Tried to search locally and on the wider internet for a solution but due to lack of correct vocabulary I'm not 100% which keywords I should be using.

The (current) aim is to have OPNsense run a VPN for the entire network while also allowing a ShieldTV (static IP) running its own VPN client through the firewall. Tried putting a pass rule in LAN to route the STV direct to WAN gateway instead of to VPN_WAN and made sure it was above the regular traffic rules, also enabled "Don't pull routes." According to the OPNsense dashboard graphs STV still goes through the main VPN tunnel and then onto the correct end point.

It works ok but it's not how I imagine it should be, anyone like to point me to the correct way?

[Sheldon]

You have a VPN client running on OPNsense. Your OPNsense box routes regular traffic (incoming from LAN) to the internet by using this VPN client. This works as intended.

The traffic of one specific LAN client shall not be routed through the VPN client. You want to bypass the VPN client and route the traffic directly to the internet.

I have a similar scenario and this works for me. For my regular traffic the rules use a gateway "OPENVPN_CLIENT_VPNV4" and the other rules use a gateway "WAN_IPv4".

I have no idea why this doesn't work for you, but to me it looks like you are doing it the right way. The only difference i see is that you are using the dashboard graphs to see if your routing works as intended, while i use "what is my ip address" websites for verification.

Edit: In my OpenVPN configuration i have "Don't pull routes" disabled and "Don't add/remove routes" enabled. I don't know if that makes sense, but i'm glad it works and i don't want to touch it ;-)