Excluding an IP range from redirect gateway

Moderators: TinCanTech

MadTBone
OpenVpn Newbie
Posts: 1
Joined: Fri Sep 03, 2010 6:03 pm

Excluding an IP range from redirect gateway

Post by MadTBone » Fri Sep 03, 2010 6:08 pm

Here are a couple of simple lines for your CCD files that will redirect all traffic except for a specific IP range, in this case 10.0.0.0/16:

Code:

push "route 10.0.0.0 255.255.0.0 net_gateway"
push "redirect-gateway def1"

Seanster
OpenVpn Newbie
Posts: 1
Joined: Thu Feb 10, 2011 11:22 pm

Re: Excluding an IP range from redirect gateway

Post by Seanster » Fri Feb 11, 2011 2:35 am

Old thread yes, but thank you so much for that tip!

In my case, I first establish a dialup connection which becomes the default route.

All internet traffic has to pass through the ISP's proxy server. Let's call it 10.128.1.1.
This proxy server is (typically) on a different subnet than my dialup connection.

So my openvpn client configuration specifies this proxy server.

Then, thru this proxy, it makes a connection to my private server w.x.y.z running openvpn on port 443.

(their fascist proxy server of course blocks the openvpn port 1194, so I have to use 443)

Since the ISP's proxy otherwise interferes with my traffic, I want ALL my traffic to flow through my vpn instead.

To do that I use the "redirect-gateway" directive.

The problem with this is that it breaks my tunnel. The packets destined for the proxy server now go out the default gateway which is the vpn.

I couldn't push a static route to the client because the dialup connection receives a random DHCP IP. You could never know what the gateway address is going to be ahead of time.

So that's where the "net_gateway" trick works like a charm.

push "route 10.128.1.1 255.255.0.0 net_gateway"

I'm hardly a noob, but despite the brief mention this gets in the documentation, I had never figured it out before now. Perhaps this long-winded post will help someone else out.

BTW: This scenario applies to bluetooth tethered cell phones using oldskool GSM/EDGE networks. These days you can get cheap unlimited (on-device) browsing but nobody cares if you're tethering anymore.

-Sean
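
Why the pushed lines in this thread behave as described, as an added example (not code from any poster or from OpenVPN): a small Python model of the client routing table, in which `def1` installs 0.0.0.0/1 and 128.0.0.0/1 through the VPN and the more specific `net_gateway` route wins by longest-prefix match. The function names, the test destinations and the bare `redirect-gateway` line in the proxy case are constructed for illustration.

```python
import ipaddress
import shlex

NET_GATEWAY = "net_gateway"   # keyword from the thread: the pre-VPN default gateway
VPN_GATEWAY = "vpn_gateway"   # gateway used when a route line names none
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def build_table(pushed_lines):
    """Model the client's IPv4 routes after the given push "..." lines.

    Simplification: the host route OpenVPN adds for the server's own
    address is left out, since the thread never gives that address.
    """
    table = [(DEFAULT, NET_GATEWAY)]            # route that existed before the VPN
    for line in pushed_lines:
        words = shlex.split(line)[1].split()    # the text inside the quotes
        if words[0] == "redirect-gateway":
            if "def1" in words:
                # def1 keeps the old default and shadows it with two /1 routes
                for half in ("0.0.0.0/1", "128.0.0.0/1"):
                    table.append((ipaddress.ip_network(half), VPN_GATEWAY))
            else:
                table[0] = (DEFAULT, VPN_GATEWAY)   # old default is replaced
        elif words[0] == "route":
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            gateway = words[3] if len(words) > 3 else VPN_GATEWAY
            # strict=False: an address with host bits set is read as its covering network
            net = ipaddress.ip_network(f"{words[1]}/{mask}", strict=False)
            table.append((net, gateway))
    return table

def next_hop(table, dest):
    """Pick the gateway by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# MadTBone's two lines as posted
EXCLUDE_LAN = ['push "route 10.0.0.0 255.255.0.0 net_gateway"',
               'push "redirect-gateway def1"']
# Seanster's route as posted; the redirect-gateway line is constructed from his description
PROXY_CASE = ['push "redirect-gateway"',
              'push "route 10.128.1.1 255.255.0.0 net_gateway"']

if __name__ == "__main__":
    lan = build_table(EXCLUDE_LAN)
    for dest in ("10.0.5.20", "10.1.0.1", "198.51.100.7"):   # constructed destinations
        print(f"{dest:>14} -> {next_hop(lan, dest)}")
    for label, lines in (("without route", PROXY_CASE[:1]), ("with route", PROXY_CASE)):
        print(f"proxy 10.128.1.1 {label}: {next_hop(build_table(lines), '10.128.1.1')}")
```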

Douglas
Forum Team
Posts: 285
Joined: Wed Aug 27, 2008 2:41 am

Re: Excluding an IP range from redirect gateway

Post by Douglas » Mon May 16, 2011 3:24 am

MadTBone wrote: Here are a couple of simple lines for your CCD files that will redirect all traffic except for a specific IP range, in this case 10.0.0.0/16:

Code:

push "route 10.0.0.0 255.255.0.0 net_gateway"
push "redirect-gateway def1"

Good little tip, added it to my bookmarks for quick reference!

kuhn007
OpenVpn Newbie
Posts: 1
Joined: Fri Nov 14, 2014 4:01 pm

Re: Excluding an IP range from redirect gateway

Post by kuhn007 » Fri Nov 14, 2014 8:18 pm

Thanks a lot for the post. Works great and I don't need to worry about my clients reaching out to the LAN :)
