I'm trying to set up some kind of "split tunneling" of OpenVPN which just advertises one routed local address from the corporate environment and nothing else. My configuration works from an Android phone, but not from Windows. It seems like a routing problem. My configuration:
Server config
port 1194
proto udp
dev tun0
comp-lzo
management 127.0.0.1 1194
keepalive 10 120
persist-key
persist-tun
client-config-dir /etc/openvpn/ccd
status openvpn-status.log
verb 3
server 10.55.255.40 255.255.255.248
route 172.30.40.252 255.255.255.252
ca /etc/openvpn/certificates/ca/ca.crt
cert /etc/openvpn/certificates/server/server.crt
key /etc/openvpn/certificates/server/server.key
dh /etc/openvpn/certificates/server/dh2048.pem
My ccd config
ifconfig-push 172.30.40.253 172.30.40.254
client.ovpn config
client
dev tun
proto udp
remote myremoteaddress 1194
route 192.168.97.3 255.255.255.255
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ns-cert-type server
script-security 2
and the rest of PKI stuff...
My internal firewall rule to allow traffic
-A FORWARD -i tun0 -s 172.30.40.253/32 -d 192.168.97.3/32 -p tcp -m tcp --dport 3389 -j ACCEPT
172.30.40.253 is my OVPN tunnel client address.
192.168.97.3 is the address I want to reach on the corporate internal network.
This local address is on a different VLAN network than the OVPN server's internal interface. I use a static route instead of NAT; 172.30.40.252/30 is routed back to the OVPN server from the central FW. As I stated, this config works if I connect from an Android device, but not from Windows.
What's wrong with my config? I was still trying the push route option in the server config, but without any success.
Thank you in advance.
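The question describes a routing problem, so a useful first check is to model what the Windows client's routing table should look like after OpenVPN applies the `ifconfig-push` /30 and the client-side `route` directive, and confirm that the destination really is selected by the tunnel route (longest prefix match) and that the pushed pair is a valid net30 /30. The following script is an added example, not part of the question or an OpenVPN tool; the addresses come from the configs above, while the local default gateway `192.168.1.1` and the interface labels `LAN`/`tun` are constructed assumptions.

```python
import ipaddress

# Constructed model of the client's routing table after the tunnel is up.
# Tunnel addresses are taken from the question; the default route and the
# interface labels are assumptions for illustration only.
ROUTES = [
    # (destination network, gateway, interface)
    ("0.0.0.0/0", "192.168.1.1", "LAN"),            # assumed local default route
    ("172.30.40.252/30", "172.30.40.254", "tun"),    # /30 from ifconfig-push (net30 topology)
    ("192.168.97.3/32", "172.30.40.254", "tun"),     # from the client-side 'route' directive
]


def longest_prefix_match(dest, routes=ROUTES):
    """Return (network, gateway, interface) for the most specific route
    covering dest, which is how a host selects a route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, gw, ifname in routes:
        network = ipaddress.ip_network(net, strict=False)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw, ifname)
    return best


def goes_through_tunnel(dest, routes=ROUTES):
    """True when the winning route for dest points at the tunnel interface."""
    match = longest_prefix_match(dest, routes)
    return match is not None and match[2] == "tun"


def net30_pair_ok(local, remote):
    """OpenVPN's default net30 topology expects ifconfig-push to hand out the
    two usable host addresses of a single /30 (e.g. .253/.254 of a .252/30).
    Return True when local and remote form exactly such a pair."""
    pair = sorted([ipaddress.ip_address(local), ipaddress.ip_address(remote)])
    block = ipaddress.ip_network(f"{local}/30", strict=False)
    return pair == list(block.hosts())


if __name__ == "__main__":
    for dest in ("192.168.97.3", "192.168.97.4", "172.30.40.254"):
        net, gw, ifname = longest_prefix_match(dest)
        print(f"{dest:15} -> {net}  via {gw}  ({ifname})")
    print("ifconfig-push pair valid for net30:", net30_pair_ok("172.30.40.253", "172.30.40.254"))
```

If the real client (`route print` on Windows) shows no `192.168.97.3/32` entry via the tunnel, or shows it with a different gateway than the peer address handed out by `ifconfig-push`, the problem is in route installation on the client rather than in the server-side firewall rule.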