Accessing a VIP IP on the WAN side when connecting to openVPN

[mauzilla]

I have a number of 1:1 NAT's configured between WAN and LAN, and all of the WAN IP's are VIP's (IP's routed through my primary WAN IP).

When I connect to openVPN, I can access the LAN side, but none of the WAN VIP IP's are responding either to ping - I cannot even see the traffic within the firewall, almost as if my request is getting lost between openVPN and the routes.

In my local openVPN confige I have route-nopull and only route selected IP's through my VPN. In principle this works as I can still connect to the LAN using my VPN connection, but when we have services setup with an external DNS server (which points to the public IP), it's a tedeous task to keep updating local openVPN configuration.

So question time:

• Has anyone setup something similar where they're able to connect to the openVPN server and still have access to the WAN virtual IPs?
• My next option seems to be running a DNS server in opnsense so that connected VPN clients can hopefully get the record from the internal DNS VS external one. I am however only getting this to work if I change my network settings on my laptop and change my WIFI / lan DNS to point to the WAN IP of the gateway. If I don't, my network interface disregards the internal DNS and still points to the external DNS servers (like 8.8.8.
  

What is the correct / recommended / "industry norm" when it comes to this kind of setup? I imagine I am not configuring my various services correctly or the way it was intended on working.

[bartjsmit]

What is the correct / recommended / "industry norm" when it comes to this kind of setup?

Split DNS https://en.wikipedia.org/wiki/Split-horizon_DNS

Internal traffic stays internal and WAN traffic uses the VIP's and any other public IP's.

Bart...