Routing only certain public IP's through VPN

ronreactcs
OpenVpn Newbie
Posts: 1
Joined: Tue Nov 05, 2019 5:22 am

Routing only certain public IP's through VPN

Post by ronreactcs » Tue Nov 05, 2019 5:30 am

I am trying to figure out how to route only certain public IP addresses as well as private IPs through the VPN (I do not want to route all public IP destinations through the VPN).

How does one go about configuring this in OpenVPN-AS? In the admin page there is a setting to route ALL internet traffic through the VPN (which works). But I'm not tracking how one goes about routing only some internet traffic through the VPN.

I've tried using route in the client config but the settings don't seem to be picked up (added route-nopull and route <destination ip address> to the client config).

Any guidance is appreciated. Thanks in advance

egutierrez_osigu
OpenVpn Newbie
Posts: 1
Joined: Tue Oct 12, 2021 7:14 pm

Re: Routing only certain public IP's through VPN

Post by egutierrez_osigu » Tue Oct 12, 2021 7:24 pm

I had the same scenario, and since someone might find this in the future, here is what you have to do.
1) Heads up: this works on the OpenVPN-AS deployed in AWS; don't know about other versions.
2) Log in to the admin console, go directly to Configuration -> VPN Settings and scroll down to Routing.
3) You may have the option "Should VPN clients have access to private subnets (non-public networks on the server side)?" set to "Yes, using Routing"; change this to "Yes, using NAT". Don't worry, this will work as before on the next 2 steps.
4) Make sure you fill the option "Specify the private subnets to which all clients should be given access (one per line):" with both the private and public addresses you want to route via the VPN.
5) Make sure you click Save Settings at the bottom, but do not update the server just yet.
6) Navigate to Configuration -> Advanced VPN and scroll down to the option "List of private subnets (one per line), which should be reachable via routing instead of NAT:"
7) Fill in this text block with only the private subnets from step 4. Here is where the configuration returns back to normal, as all these subnets will not be NAT'ed.
8) Click Save Settings at the bottom, and this time do click Update the running server at the top of the page.

That's all you need to NAT specific public addresses and normally route private subnets.

Hope this helps someone in the future
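
Added example (not part of the post above and not OpenVPN code): a small Python helper that prepares the contents of the two text boxes from steps 4 and 7 from one list of destinations. The function name `plan_fields`, the IPv4-only handling, the `min_prefix` guard and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges: the private subnets that step 7 keeps on plain routing.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def plan_fields(destinations, min_prefix=16):
    """Return (access_list, routed_list) for the two Admin UI text boxes.

    access_list: step 4 field, every private and public destination.
    routed_list: step 7 field, only the private subnets from step 4.
    min_prefix is an assumed guard: a public entry broader than this is
    rejected, so a typo such as 0.0.0.0/0 cannot quietly turn the split
    tunnel back into "route all internet traffic".
    """
    access, routed = [], []
    for raw in destinations:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue  # skip blank lines and comments
        # strict=True rejects entries with host bits set (e.g. 10.0.1.5/24)
        net = ipaddress.ip_network(raw, strict=True)
        if net.version != 4:
            raise ValueError(f"{raw}: this sketch handles IPv4 only")
        private = any(net.subnet_of(r) for r in RFC1918)
        if not private and net.prefixlen < min_prefix:
            raise ValueError(f"{raw}: public range broader than /{min_prefix}")
        cidr = str(net)
        if cidr in access:
            continue  # drop duplicates, keep first-seen order
        access.append(cidr)
        if private:
            routed.append(cidr)
    return access, routed


if __name__ == "__main__":
    # Constructed sample input: one private subnet and two public hosts
    # taken from the documentation address ranges.
    wanted = ["10.0.1.0/24", "203.0.113.10", "198.51.100.7/32"]
    access, routed = plan_fields(wanted)
    print("Step 4 field (one per line):", *access, sep="\n  ")
    print("Step 7 field (one per line):", *routed, sep="\n  ")
```

After updating the running server and reconnecting, the client's routing table should show only the entries from the step 4 list pointing at the VPN interface.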

PapaDiPapu
OpenVpn Newbie
Posts: 1
Joined: Mon Jun 06, 2022 10:33 pm

Re: Routing only certain public IP's through VPN

Post by PapaDiPapu » Mon Jun 06, 2022 10:43 pm

Thanks a lot, @egutierrez_osigu! I was struggling with this, and stumbled across your post. It helped a lot!
In my case, I only needed to route 2 public IPs via the VPN (no additional private IP/network other than the VPN network itself).

I added the public IPs to "Should VPN clients have access to private subnets (non-public networks on the server side)? > Yes, using NAT". (The VPN private network was already there.)

Then I tried both with and then without adding the VPN private network to "Configuration -> Advanced VPN > List of private subnets (one per line), which should be reachable via routing instead of NAT". In both cases, traffic to the public IPs I had specified was routed through the VPN.

Thanks again!
