I setup my OpenVPN server a few months back using the redirect-gateway def1 option to configure all traffic from a client to traverse the OpenVPN server. Since the server was originally set up we no longer want this behavior and want to only have traffic destined for a specific subnet traverse the OpenVPN connection.
To accomplish I thought all i would need to do is:
1) added the push route statements for the appropriate subnets
2) commented out the push redirect-gateway lines
After changing our configuration and restarting the openvpn daemon I am still getting my default route on clients changed to flow through OpenVPN. I looked around and from what I've read/gathered from other forum posts removing the redirect-gateway line should stop the default route(s) from going out. Am I missing something? How can I stop these routes from going out?
Routes I don't want added:
0.0.0.0 220.127.116.11 192.168.206.5 192.168.206.6 30
18.104.22.168 22.214.171.124 192.168.206.5 192.168.206.6 30
Client Received control message (I believe "route 192.168.206.1 is" in the server's PUSH line is the culprit):
Sun Oct 14 01:46:17 2012 PUSH: Received control message: 'PUSH_REPLY,route 192.168.192.0 255.255.240.0,,dhcp-option DNS 192.168.195.10,dhcp-option DNS 192.168.195.11,dhcp-option DOMAIN sea1.office.priv,route 192.168.206.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.206.6 192.168.206.5'
key /etc/openvpn/certs/server.key # This file should be kept secret
server 192.168.206.0 255.255.255.0
push "route 192.168.192.0 255.255.240.0"
push "dhcp-option DNS 192.168.195.10"
push "dhcp-option DNS 192.168.195.11"
push "dhcp-option DOMAIN mydomain.com"
keepalive 10 120
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-ldap.so /etc/openvpn/openvpn-ldap.config
remote myvpn-server.mydomain.com 1194