Different routing for different users


Post by gjf » Mon Feb 22, 2021 1:41 pm

Hi All.

I have the following network configuration and task:
[Image: network diagram]

1. Network A and Network B should see each other.
2. Network A should have internet access through Router, not VPN.
3. Network B should have internet access (does not matter how really).
4. Router acts as gateway, DHCP and DNS for Network A.

This task was easily solved using OpenVPN with client-config-dir for different users (routing was set for each individually).

Now the VPN is OpenVPN AS and I have a problem because I cannot find client-config-dir implementation in it.

So the only way I found is to manually edit client.ovpn, adding two lines:

pull-filter ignore redirect-gateway
route 172.27.224.0 255.255.240.0

I don't like this approach as it makes it necessary to edit client config files manually.

Is there any other way to implement client-config-dir functionality in OpenVPN AS? I really miss this feature from the free product.


Re: Different routing for different users

Post by openvpn_inc » Tue Feb 23, 2021 7:27 pm

Hello gjf,

It seems like Network A can be served with the VPN client gateway functionality in User Permissions through the connected VPN client on the router on the left that's connected to the central VPN server. This functionality is used (double) in our site-to-site guide here, if you want to learn how to do that:
https://openvpn.net/vpn-server-resource ... in-detail/

pull-filter ignore redirect-gateway
route 172.27.224.0 255.255.240.0

From this I see that you have Internet redirection turned on, and then you turn it off on the client, and then implement a custom route. But if I understand your diagram correctly, that custom route is actually your VPN client subnet. You do not need to push a route for that. That is automatic.

My recommendation would be to turn off Internet redirection in the Admin UI of the Access Server under VPN Settings, so you do not need to use the pull-filter. And to take a look at our site-to-site guide and set up the settings for the user permissions in Access Server for the user account that is connecting the router on the left for that type of connectivity.

I get the feeling that it works for you but only kind of by accident by just redirecting all traffic, and then slapping some patches on the client side, to solve some unwanted behavior. I would suggest trying to set things up where the router on the left is a VPN client gateway to subnet 192.168.111.0/24, and on the Access Server go to VPN Settings > All access to private subnets > yes, using routing > 192.168.111.0/24 and allow VPN clients to access private subnets.

Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.nets/support
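
For reference, the per-client routing the question describes, as it would look in community OpenVPN with client-config-dir. This is an added example, not part of the thread and not Access Server configuration; the certificate names router-a and client-b are hypothetical, and the two subnets are the ones mentioned in the posts above.

```conf
# ---- server.conf (community OpenVPN, fragment) ----
# VPN client subnet; the 172.27.224.0/20 range from the route line in the thread.
server 172.27.224.0 255.255.240.0
topology subnet

# Per-client files live in ./ccd, one per certificate common name.
client-config-dir ccd

# Kernel route on the server host: send traffic for the LAN behind
# the gateway client into the tunnel interface.
route 192.168.111.0 255.255.255.0

# No global 'push "redirect-gateway def1"' here, so clients keep their
# own default route and need no pull-filter in their profiles.
# client-to-client is also left out: traffic between clients then passes
# through the server's kernel, where IP forwarding must be enabled and
# the host firewall can restrict which client reaches which subnet.

# ---- ccd/router-a (hypothetical CN of the router acting as gateway) ----
# Internal route: tells the OpenVPN daemon which connected client owns
# 192.168.111.0/24. Without it, packets for that subnet are dropped.
iroute 192.168.111.0 255.255.255.0

# ---- ccd/client-b (hypothetical CN of a client that must reach that LAN) ----
# Only this client learns the route to the LAN behind router-a.
push "route 192.168.111.0 255.255.255.0"
# Optional, per client: send this client's Internet traffic through the VPN.
push "redirect-gateway def1"
```

The router's LAN hosts also need a return route to 172.27.224.0/20 via the router, which they get automatically when the router is their default gateway.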
