[Feature request] Allow access to LAN but not route whole internet via VPN

Lastimosa · October 12, 2025, 7:38pm

Would it be possible to add this feature to the GUI of the stock firmware?

bruce · October 13, 2025, 1:37am

Hello,

May I clarify that you want to only LAN access is allowed, and not accessing the Internet via VPN, and also not accessing the Internet via WAN?
Or do you mean that not accessing the Internet via VPN, but allowing WAN access to the Internet?

Lastimosa · October 13, 2025, 1:58am

Thanks @bruce This is exactly what I meant. Allowing access to my LAN resources at home/work from remote clients but without routing the whole internet through the VPN tunnel back to the server. i.e. like changing the WG Client’s Peer settings to: AllowedIPs = 192.168.8.0/24. It woukld be great if this could be done from the user interface but also to add this feature to OpenVPN as well.

Something like this setting on Asus routers when generating a VPN client’s config file:

bruce · October 14, 2025, 8:05am

Set up the Specified Domain/IP List in VPN Dashboard of VPN client:

In this way, only accessing resources of subnet 192.168.8.0/24 will go to the VPN tunnel, and the rest of the traffic will go to the WAN.