Exclude some local subnets from OpenVPN tunnel

Started by toggenation, June 09, 2026, 06:09:39 AM

On OPNsense 26.1.9 my OpenVPN server pushes a route to make both IPv4 and IPv6 the default gateway. So all traffic goes over the tunnel.

push "redirect-gateway def1 ipv6"

I would like to create an exclusion to cause the OpenVPN client to send some traffic to the local gateway instead of the OpenVPN tunnel.

How do I achieve keeping the tunnel as the default gateway and excluding traffic for some subnets from entering the tunnel?

In the past I would have pushed a custom route to the client as follows:
push "route 10.19.80.0 255.255.255.0 net_gateway"

I've looked at CSO (Client Specific Overrides) and there doesn't appear to be a custom settings field to allow it. (From memory, this used to be available before the update to the new instance configuration GUI.)


Can get the result wanted by adding the following to the .ovpn file you give to the client

redirect-gateway def1 ipv6
route 10.19.80.0 255.255.255.0 net_gateway
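
Why the `route ... net_gateway` line above wins over `redirect-gateway def1`, as an added example that is not part of the original thread: `def1` installs two /1 routes rather than replacing the /0 default, so any more specific route via the local gateway takes precedence by longest-prefix match. The gateway and server addresses are constructed placeholders, and the model covers IPv4 only.

```python
import ipaddress

# Constructed client state (assumptions, not values from the thread).
LOCAL_GW = "192.168.1.1"     # pre-VPN default gateway, i.e. net_gateway
VPN_GW = "10.8.0.1"          # tunnel-side gateway, i.e. vpn_gateway
VPN_SERVER = "203.0.113.10"  # public address of the OpenVPN server


def build_routes(exclusions):
    """Model the client's IPv4 table after redirect-gateway def1 plus exclusions."""
    routes = [
        ("0.0.0.0/0", LOCAL_GW, "local"),         # original default, left in place by def1
        (f"{VPN_SERVER}/32", LOCAL_GW, "local"),  # host route keeping the tunnel endpoint reachable
        ("0.0.0.0/1", VPN_GW, "tunnel"),          # def1: two /1 routes that outrank the /0
        ("128.0.0.0/1", VPN_GW, "tunnel"),
    ]
    # Each "route <net> <mask> net_gateway" line adds a route via the local gateway.
    for net, mask in exclusions:
        routes.append((f"{net}/{mask}", LOCAL_GW, "local"))
    return [(ipaddress.ip_network(n), gw, via) for n, gw, via in routes]


def lookup(routes, dest):
    """Longest-prefix match, the rule the client's IP stack uses to pick a route."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)


def bypasses_tunnel(routes, dest):
    """True if traffic to dest leaves via the local gateway, outside the VPN."""
    return lookup(routes, dest)[2] == "local"


if __name__ == "__main__":
    table = build_routes([("10.19.80.0", "255.255.255.0")])
    for dest in ("10.19.80.25", "10.19.81.25", "8.8.8.8", "198.51.100.7", VPN_SERVER):
        net, gw, via = lookup(table, dest)
        print(f"{dest:15} -> {str(net):18} via {gw:12} ({via})")
```

Everything matched by an exclusion leaves the client unencrypted on the local network, so keep the excluded prefixes as narrow as the use case allows.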