OpenVPN full and split tunnel on one instance with client override

Started by ivica.glavocic, Today at 03:35:09 PM

OPNsense v25.7.2 with OpenVPN server v2.6.14. Full tunnel (Internet through OPNsense) is configured with Google TOTP and works OK. The OpenVPN TUN instance on UDP port 443 with the float and persist-remote-ip options is pushing block-outside-dns, register-dns and explicit-exit-notify to clients. Redirect Gateway on the instance is set to default. Firewall rules control access to internal resources and the Internet correctly.

For some users I would like to set up split tunnel on the same OpenVPN instance, so I created client specific overrides with their own network and adequate firewall rules. For those users, access to internal resources works, but Internet is still going through OPNsense; I cannot get split tunnel for them no matter what option on Redirect Gateway I activate.

Any chance to get split tunnel for specific users through client specific overrides?