This step is necessary so that you can go on and off the VPN easily without having to mess with software on your machine or the firewall config.  If you want to check your bank balance or watch Netflix on your computer, you’ll need a way to not be on the protected VPN.  These steps provide for that.

Subnetting can be a real bitch, frankly.  This tutorial keeps things as simple and practical as possible.  This part is the warm-up; the messy bits come later.


The diagram at left puts a picture to words: your home subnet is still like any other subnet, except that as far as pfSense is concerned you have a separate segment.  pfSense uses that segment to determine what to send out the spread spectrum VPN and what to treat as “normal”, the same way it always has.

  • Any computer with an IP address ending in .1 through .207 will route out the spread spectrum VPN
  • The computers ending in .208 through .223 will not; they’ll go straight to your internet service provider.

Part 1: “no worries”

If you click on the image at right you’ll see an example of the LAN interface: it’s set up like any other /24, the out-of-the-box default.  This demonstrates that the /28 is a logical separation (an alias), not a LAN setting.

This makes things much easier.
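To sanity-check the split before building firewall rules, here is an added example (not part of the original tutorial) that classifies LAN hosts against the /28 and shows why the alias is placed on the small bypass block rather than on the .1 through .207 range. The 192.168.1.0/24 prefix and the function names are assumptions; the page gives only the last octets.

```python
import ipaddress

# Assumed addressing: the tutorial gives only last octets, so the
# 192.168.1.0/24 prefix is a constructed placeholder for your own LAN.
LAN = ipaddress.ip_network("192.168.1.0/24")
BYPASS_ALIAS = ipaddress.ip_network("192.168.1.208/28")  # .208 through .223


def alias_bounds():
    """First and last address covered by the bypass /28."""
    return BYPASS_ALIAS[0], BYPASS_ALIAS[-1]


def egress_for(host: str) -> str:
    """Return the path a LAN host takes under the split in the bullets."""
    addr = ipaddress.ip_address(host)
    if addr not in LAN:
        raise ValueError(f"{host} is not on the LAN {LAN}")
    if addr in BYPASS_ALIAS:
        return "isp"  # straight out to the internet service provider
    last_octet = int(addr) - int(LAN.network_address)
    if 1 <= last_octet <= 207:
        return "vpn"  # routed out the VPN
    return "unassigned"  # .0 and .224-.255: not covered by either bullet


def vpn_range_as_cidrs():
    """CIDR blocks needed to express .1 through .207 exactly."""
    first = LAN.network_address + 1
    last = LAN.network_address + 207
    return list(ipaddress.summarize_address_range(first, last))


if __name__ == "__main__":
    lo, hi = alias_bounds()
    print(f"bypass alias {BYPASS_ALIAS} covers {lo} - {hi}")
    for host in ("192.168.1.10", "192.168.1.207", "192.168.1.208",
                 "192.168.1.223", "192.168.1.224"):
        print(f"{host:15} -> {egress_for(host)}")
    blocks = vpn_range_as_cidrs()
    print(f".1-.207 needs {len(blocks)} CIDR blocks:")
    for block in blocks:
        print("  ", block)
```

The bypass group is one clean /28, while the VPN range does not fall on a single CIDR boundary, which is why matching on the small alias and treating everything else as the other case is the simpler rule to maintain.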

Part 2: “the details”

This screenshot shows the creation of an alias.  This is what makes it so your work computer at doesn’t go out the SSVPN but acts like any other computer going right out your Internet line where your ISP can see and watch everything… or if you just wanna watch Netflix.

Next step: you need a place to route to, so it’s time to set up your VPN provider.
