I have for some time been trying to migrate away from pfSense, and my last milestone is to forward one host on the same subnet, but not all hosts on that subnet, via the VPN, so that the one host only uses the VPN as its default route but can still respond to queries from VMs on the same subnet.
So far I have only been able to get correct routing when I static-route a destination (for instance 220.127.116.11/32 with the next hop being interface wg4, and then 10.20.30.8 can only access 18.104.22.168/32 and nothing else), but this solution is not really good for me.
Here is more detailed info:
pfSense currently runs with xx.xxx.xx.23/26 on WAN and 10.20.30.1/24 on LAN.
VyOS runs with xx.xxx.xx.24/26 on WAN and 10.20.30.40/24 on LAN, as part of migrating in small steps.
The subnet with my VMs is: 10.20.30.0/24
The host whose WAN traffic I want to go only via the VPN is: 10.20.30.8/32
The VPN I want to use resides on interface wg4.
My setup from pfSense:
I created a FW rule that blocks 10.20.30.8/32 from using the regular WAN interface to go online.
Then I created a FW rule that allows 10.20.30.8/32 to access the Internet via the OpenVPN interface, which is the VPN I'm using.
Then there is a NAT rule that NATs 10.20.30.8/32 to whatever IP the VPN server has.
Any help or tips would be greatly appreciated.
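As an added example, not taken from the original post or from the VyOS project, this is how the three pfSense rules above map onto VyOS policy-based routing. It assumes VyOS 1.3 command syntax, eth0 as the WAN interface, eth1 as the 10.20.30.0/24 LAN interface, and routing table 100 being otherwise unused.

```vyos
# Added example (not the poster's configuration). Assumed names: eth0 = WAN,
# eth1 = LAN (10.20.30.0/24), table 100 = unused, wg4 already configured.

# 1. A dedicated routing table whose only real route is the VPN tunnel.
#    The low-preference blackhole matters: when a lookup in table 100 finds
#    nothing, the kernel falls through to the main table and the host would
#    silently leak out of the regular WAN. With the blackhole in place,
#    losing the wg4 route drops the traffic instead (the pfSense "block" rule).
set protocols static table 100 route 0.0.0.0/0 interface wg4
set protocols static table 100 route 0.0.0.0/0 blackhole distance 254

# 2. Policy route: only 10.20.30.8 is steered into table 100.
#    Rule 5 keeps anything addressed to the LAN itself (including the router
#    at 10.20.30.40) in the main table, so replies to other VMs are unaffected.
set policy route VPN-HOST rule 5 destination address 10.20.30.0/24
set policy route VPN-HOST rule 5 set table main
set policy route VPN-HOST rule 10 source address 10.20.30.8/32
set policy route VPN-HOST rule 10 set table 100
set interfaces ethernet eth1 policy route VPN-HOST

# 3. Source NAT only for this host and only when leaving via wg4
#    (the pfSense NAT rule); all other hosts keep their existing WAN NAT.
set nat source rule 100 outbound-interface wg4
set nat source rule 100 source address 10.20.30.8/32
set nat source rule 100 translation address masquerade

# 4. Belt and braces: even if the policy route is removed by mistake,
#    this host can never egress on the plain WAN interface.
set firewall name WAN-OUT default-action accept
set firewall name WAN-OUT rule 10 action drop
set firewall name WAN-OUT rule 10 source address 10.20.30.8/32
set interfaces ethernet eth0 firewall out name WAN-OUT

# Verify after commit: "show ip route table 100" should list only the wg4
# default route and the blackhole.
```

Traffic between 10.20.30.8 and other VMs on 10.20.30.0/24 never reaches the router, so the policy route does not affect it; only off-subnet traffic from that host is forced through wg4.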