Select users Split-tunnel vs all-thru OR some sites via VPN

Ask questions about your Access Server configuration here.
ugolee
OpenVpn Newbie
Posts: 2
Joined: Wed Oct 05, 2011 1:52 pm

Select users Split-tunnel vs all-thru OR some sites via VPN

Post by ugolee » Thu Jun 21, 2012 8:16 pm

The issue that I have is that certain websites and production machines only allow connections from our office IP addresses. We have split-tunneling enabled for our users so as not to saturate our primary WAN line. But some users need to be able to access the above sites and machines through the VPN connection to be able to access them.

So, we can accomplish this one of two ways:
1) Have a certain group of users pass all of their internet traffic through the VPN
2) Add those sites and servers to a list that OpenVPN will recognize, so as to pass this traffic through the VPN.

Could anyone give me any information as to how to do either of these or which one is preferable/feasible?

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: Select users Split-tunnel vs all-thru OR some sites via

Post by janjust » Fri Jun 22, 2012 9:38 am

I'd go with option #1: use a 'client-connect' script to put those users in a different subnet, with full access, or use the script to set up firewall rules for those users.

The downside of option #2 is that the routing table on the server might become very lengthy.

ugolee
OpenVpn Newbie
Posts: 2
Joined: Wed Oct 05, 2011 1:52 pm

Re: Select users Split-tunnel vs all-thru OR some sites via

Post by ugolee » Fri Jun 22, 2012 5:52 pm

Where would I be able to find a script that allows me to create a different client config? I can't find how to modify the client config in the OpenVPN client that you download from the Access Server.

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: Select users Split-tunnel vs all-thru OR some sites via

Post by janjust » Sun Jun 24, 2012 10:12 pm

The client-connect script would be on the server side; I don't know if and how it can be done for Access Server, I only know the free community version of openvpn.

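An added example, not from the thread or from the OpenVPN project, of the server-side `client-connect` approach suggested above for the community edition: users on an allow-list are pushed `redirect-gateway def1` (all traffic through the VPN) while everyone else keeps the split-tunnel routes. The user names and the `FULL_TUNNEL_USERS` variable are constructed; it assumes the server config sets `script-security 2` and a `client-connect` line pointing at this script with no extra arguments, so the per-client config file path arrives as `$1`.

```shell
#!/bin/sh
# client-connect hook for community OpenVPN (added example, not project code).
# OpenVPN exports the client's certificate CN as $common_name and passes the
# path of a temp file as the last argument; directives written to that file
# are applied to this client only. A non-zero exit rejects the connection.

# Hypothetical allow-list, one CN per line (constructed sample names).
FULL_TUNNEL_USERS="${FULL_TUNNEL_USERS:-alice
bob}"

is_full_tunnel_user() {
    # Fixed-string, whole-line match so "bob" does not also match "bobby".
    printf '%s\n' "$FULL_TUNNEL_USERS" | grep -Fxq -- "$1"
}

emit_client_config() {
    cn=$1
    # Refuse an empty CN or one with characters outside a conservative set.
    case "$cn" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    if is_full_tunnel_user "$cn"; then
        # Option 1 from the thread: route all of this user's traffic via VPN.
        echo 'push "redirect-gateway def1"'
    fi
    # Everyone else gets no extra directives and stays split-tunnel.
    return 0
}

main() {
    # $1 is the per-client config file created by OpenVPN.
    emit_client_config "${common_name:-}" >> "$1"
}

# Run only when OpenVPN (or an operator) supplies the config file path.
if [ "$#" -ge 1 ]; then
    main "$@" || exit 1
fi
```

The server still has to forward and NAT the full-tunnel users' internet traffic for the pushed default route to be usable.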