Force IP adresses to go throught the Server

This forum is for general conversation and user-user networking.
Post Reply
marc_al
OpenVpn Newbie
Posts: 11
Joined: Thu Oct 13, 2011 5:11 am

Force IP adresses to go throught the Server

Post by marc_al » Sat Oct 15, 2011 4:45 am

Hello,

I would like to force the traffic from one computer (connected to the network by openvpn to use the Openvpn server to go on some web sites.
Here is an example :
My work ISP gives me an IP address (for example 1.2.3.4)
At home I have another fixed ip address (5.6.7.8).
I want to use a service from my work isp, but the service is firewalled. Only the adress 1.2.3.4 will be able to use the service.
So I have added the lines
push "route 212.71.0.11 255.255.255.255"
push "route 212.71.16.196 255.255.255.255"
by thinking that it would be fine, but it doesn't work.

I have also used the command on my computer and it doesn't work.
route add 212.71.0.11 mask 255.255.255.255 192.168.123.254
route add 212.71.16.196 mask 255.255.255.255 192.168.123.254

Can you please tell me what I am missing?

If I use PPTP instead of openvpn, there is no problem with the command so I suppose I have to do something else for it to work with openvpn.
Thank you
Marc

User avatar
Mimiko
Forum Team
Posts: 1568
Joined: Wed Sep 22, 2010 3:18 am

Re: Force IP adresses to go throught the Server

Post by Mimiko » Sat Oct 15, 2011 6:35 am

This is not an OpenVPN matter.
You have to configure iptables on OpenVPN server as well to route traffic for that ip from tunell to GW.

marc_al
OpenVpn Newbie
Posts: 11
Joined: Thu Oct 13, 2011 5:11 am

Re: Force IP adresses to go throught the Server

Post by marc_al » Sat Oct 15, 2011 10:36 am

Hello,

I don't understand what you mean :oops:
What is iptable? I was thinking that it was a firewall on Linux?

I am on Windows 2008 Server R2
Is it a parameter in the config of openvpn on the server?
is it something else
Thank you
Marc

User avatar
Mimiko
Forum Team
Posts: 1568
Joined: Wed Sep 22, 2010 3:18 am

Re: Force IP adresses to go throught the Server

Post by Mimiko » Sat Oct 15, 2011 10:53 am

Oh, sorry, forget you are on windows.

You have to use on server some network share solution: 3rd software or internal internet sharing. So any access from tunnel to internet is allowed and NATed.

On clients you are doing write, adding routes for the specific sites to go thru tunnel.

marc_al
OpenVpn Newbie
Posts: 11
Joined: Thu Oct 13, 2011 5:11 am

Re: Force IP adresses to go throught the Server

Post by marc_al » Sat Oct 15, 2011 2:45 pm

Hello,

Thank you I have seen the parameter : on the properties of the Local connection (192.168.123.25) I have enabled the sharing of the port I need (5060 for voip and now all is fine).

Marc

Post Reply