I’ve been using a mixture of Wireguard and OpenVPN devices in NetworkManager recently. As mentioned in my prior post, I mark the Wireguard interface as unmanaged and bring up the interface manually with a shell script. Most *.ovpn files have redirect-gateway def1 which sends all traffic, except the local LAN traffic, over the VPN. This means that separate LANs you’ve created outside of the VPN will be unaccessible.
There are a couple ways to resolve this depending on how you have the VPN connection configured. In my case, I have a *.ovpn file that I import into NetworkManager and the routes are included in the file. It’s common for OpenVPN files to contain a “redirect-gateway def1” clause which causes all network traffic originating from the client to pass through the OpenVPN server. (Side note: def1 uses 0.0.0.0/1 and 188.8.131.52/1.
To resolve this, I added a new line into my *.ovpn file to reference the existing Wireguard LAN I created.
route WIREGUARD_SUBNET SUBNET_MASK net_gateway
You can also resolve this by adding a new “via” route to the kernel routing table.
Note — if you followed my guide exactly in the prior post then this route will already exist and no change will be needed.