Hello,
Could someone give me a hint on how to achieve the following:
I would like users to access the corporate network via split tunneling to reduce traffic while still having access to the Internet for everything else.
Problem is, I have a few public IP ranges that are only accessible from the corporate network.
Example:
- My VPN range is 172.27.40.0/24
- The VPN Gateway is 172.27.40.1
- My corporate network is 10.10.10.0/24
- My OpenVPN corporate network address is 10.10.10.10
- The public IP range I'm trying to reach is 66.66.66.66/29
Obviously, my knowledge in networking is limited. How should I proceed?
Thank you,
Mike
Newbie question - Split tunneling
-
- OpenVpn Newbie
- Posts: 3
- Joined: Tue May 04, 2021 1:29 am
Last edited by mikegaum on Tue May 04, 2021 4:42 am, edited 1 time in total.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 3
- Joined: Tue May 04, 2021 1:29 am
Re: Newbie question - Split tunneling
Really?
I won't try to justify why I'm asking, but that's a poor response.
EDIT: When I try to add the following route to my client:
route add 66.66.66.66 mask 255.255.255.224 172.27.40.1
It seems to be stuck on 172.27.40.1 when trying to contact the 66.66.66.66 network.
-
- OpenVPN Power User
- Posts: 156
- Joined: Thu Mar 28, 2013 8:31 am
Re: Newbie question - Split tunneling
With OpenVPN AS, you should not be modifying the client ovpn configuration file or modifying the server iptables directly. It is intended that you do everything either through the admin web portal or using sacli.
VPN
The settings you are looking for are in the admin portal; go to Configuration -> VPN Settings.
Then, to enable split tunneling, change the following setting to No:
"Should client Internet traffic be routed through the VPN?"
To add subnets to be routed through the VPN, go to:
Specify the private subnets to which all clients should be given access (one per line)
The term "private subnets" might be a little confusing. They are using the term only to mean ones in which the traffic is kept private via the VPN tunnel. This is not the same as RFC 1918 private address spaces. You can include 66.66.66.64/27 in this setting.
Once you have made the changes, make sure you click the "Save Settings" button and confirm restarting the OpenVPN AS service.
You should then go back to the customer web portal and download the updated configuration file.
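The subnet entries discussed in this thread can be checked before they are saved. The following is an added example, not part of the original posts and not OpenVPN's own code: it normalizes each entry to the network it really covers and reports which destinations a split-tunnel client would send through the VPN. The function names and the test hosts 8.8.8.8, 66.66.66.70 and 66.66.66.90 are constructed for illustration.

```python
import ipaddress

def normalize(entry):
    """Network an entry really covers; accepts CIDR or address/netmask form."""
    return ipaddress.ip_network(entry, strict=False)  # strict=False clears host bits

def has_host_bits(entry):
    """True when the address part is not the network address (e.g. 66.66.66.66/29)."""
    return ipaddress.ip_address(entry.split("/")[0]) != normalize(entry).network_address

def tunnel_route(dest, routes):
    """Most specific routed subnet containing dest, or None.
    With split tunneling, None means the client's own default gateway is used."""
    ip = ipaddress.ip_address(dest)
    return max((n for n in routes if ip in n), key=lambda n: n.prefixlen, default=None)

def audit(entries, must_reach, must_stay_local):
    """Compare a routed-subnet list with destinations that must or must not use the VPN."""
    routes = [normalize(e) for e in entries]
    return {
        "rewritten": {e: str(normalize(e)) for e in entries if has_host_bits(e)},
        "unreachable": [d for d in must_reach if tunnel_route(d, routes) is None],
        "overcaptured": [d for d in must_stay_local
                         if tunnel_route(d, routes) is not None],
        "tunnelled_addresses": sum(n.num_addresses
                                   for n in ipaddress.collapse_addresses(routes)),
    }

if __name__ == "__main__":
    must_reach = ["10.10.10.10", "66.66.66.70"]    # 66.66.66.70 is a constructed host
    must_stay_local = ["8.8.8.8", "66.66.66.90"]   # constructed; assumed outside the range
    candidates = [
        "66.66.66.66/29",                # range as written in the question
        "66.66.66.66/255.255.255.224",   # address and mask from the route command
        "66.66.66.64/27",                # subnet given in the reply
    ]
    for public in candidates:
        print(public, audit(["10.10.10.0/24", public], must_reach, must_stay_local))
```

A non-empty `overcaptured` list means traffic for addresses outside the intended range would also be carried by the tunnel; which prefix length matches the real range is for the operator to confirm.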
-
- OpenVpn Newbie
- Posts: 3
- Joined: Tue May 04, 2021 1:29 am
Re: Newbie question - Split tunneling
I was pushing the route directly on the client for testing purposes.
Indeed, I thought "Private Subnets" meant internal corporate networks which is why those are working as intended at the moment.
Will try this as soon as possible.
Thanks for the support!
EDIT: Works great... feel bad for not trying it sooner.
Thanks!