Excluding specific LAN IP's from using NordVPN (OpenVPN) as their WAN IP.

[fbeye]

Hello

Just wanted to verify I am doing this right, or if there is a more legitimate way.
All I am doing is under LAN 'outbound' I am assigning said LAN IP to have 'wan' gateway, not nordvpn gateway.
It has been working thus far (have i been lucky?) but then my girlfriends laptop, with same ip on this bypass setup, was denied from Hulu for being on VPN...But it isn't!!! [at least based upon how I said I did it].

[Bob.Dig]

Maybe show the alias and your LAN rules? And check with whatsmyip or similar.

[fbeye]

I will look into that.

This is my home network, very small and simple so I have not used aliases thus far, just IP's cause I know each IP to each device, neither here nor there. I will look into aliases either way.
I will test your recommendation, when all is set as I believe it is, I will see what the "whatsmyip" results are.
For now, my LAN Rule...

[fbeye]

LAN

[Bob.Dig]

I guess I would put the last rule first and how do you manged to have this many gateways?

[vpx23]

The last rule is obsolete because LAN-to-LAN traffic is handled by your switch and not by the router (OPNsense in this case).

[fbeye]

Hi!

I have a block of 8 static ip's (5 usable) so really my [main] LAN uses WAN_PPPOE which with NordVPN active, uses that, so I gave the IP's in question the gateway of WAN_PPPOE to bypass the NordVPN, for Hulu/Netflix.
I mean I may be doing it wrong, but it works [?] BUT am absolutely open to suggestion.

Unless 1.) OPNSense made that last obsolete lan-to-lan or 2.) Nordvpn did, I did not so I suppose I will remove it and see how it goes.

[Bob.Dig]

The last rule is obsolete because LAN-to-LAN traffic is handled by your switch and not by the router (OPNsense in this case).

At least in my mind, the firewalls interface is included here so it would serve some purpose.

[fbeye]

Morning.

So was the way I was doing it right? I made an Alias for the 4 IP’s that so want “out” of the NordVPN (and they are set statically on the devices) 2 x TV, 1 x XBox and 1 x GF Laptop). Is my way the right way? Simply making a LAN “out” to use the WAN_PPPOE as their GW to bypass the NordVPN GW or is there a setting/config in the NordVPN/OpenVPN to exclude IP’s?

[vpx23]

We need to know what are WAN_PPOE (interface or gateway?), 178_Out, 180_OUT, 179_Out, NORDVPN_VPN4 or we won't get any further. I'm not sure if there are actually any gateways set up under System->Gateways->Single.

[fbeye]

WAN_PPPOE = The Gateway by default for the OPNSense, what EVERY IP in the 192.168.5.0 Network uses by default. x.x.x.182

178_Out = x.x.x.178, I have 192.168.5.178 use 178_Out for it to have outbound/inbound on THAT WAN IP. When I do not set it, it maybe have it's correct WAN IN, bout when I say whatsmyip, it shows .182, not 178. So that is that.
180_Out = x.x.x.180 (192.168.5.180), 179_Out = x.x.x.179 (192.168.5.179)
NORDVPN_VPN4 = the automatic created WAN/Gateway when I set up OpenVPN with NordVPN...When enabled, ALL 192.168.5.0 use it for Internet..... I am wanting to exclude several LAN ip's from the NORDVPN, so I make said LAN IP's use WAN_PPPOE as the gateway, as to not be on the VPN.
I am sorry, I really am unsure what to explain as far as what details are important. I hope this makes sense.

[vpx23]

OK,

1. Show us a screenshot of System->Gateways->Single
2. Show us a screenshot of Interfaces->WAN
3. Show us a screenshot your VPN->OpenVPN (->Clients?) configuration
(black out any passwords)

www.whatismyip.com will show your public IP address of the WAN interface not your private address inside the LAN.

Also you can't have the source address of your LAN devices as a gateway. Are these xxx_Out aliases in Firewall->Aliases?

[fbeye]

VPN Currently down until I figure this out... No aliases for xxx_out, I just use the IP's as I know them by heart

[fbeye]

What I want to do in the grand scheme of things;

NONVPN   (My actual WAN) - 192.168.5.2-100
OpenVPN  (States VPN)      - 192.168.5.101-150
OpenVPN  (OffShore VPN)  - 192.168.5.151-200

[vpx23]

First you need to create 3 host aliases, just call them as you listed:

Name: NONVPN:
Content: 192.168.5.2-192.168.5.100

Name: OpenVPN_USA
Content: 192.168.5.101-192.168.5.150

Name: OpenVPN_INT
Content: 192.168.5.151-192.168.5.200

In the LAN rules change the source of #1 to NONVPN.

In rule #5 change the source to OpenVPN_INT and the destination to any (to be changed later).

In rule #6 change the source to OpenVPN_USA.

Delete the rules #2, #3, #4 and #7

Delete the Out-Gateways because they don't make any sense.

Now you just have to get your USA OpenVPN working and add another one for your offshore VPN.

Enter the gateway for the offshore VPN in the rule with the OpenVPN_INT source.