Internet traffic - only specific clients

[mirky]

Hello there

I am a little puzzled by something, but maybe there is a simple solution?.

In "VPN Settings", i can change "Should client Internet traffic be routed through the VPN?" to yes, and all clients will have their internet traffic routed thru the server.
But what if I only want specific users/clients do this?.

[TinCanTech]

Please see:
viewtopic.php?f=30&t=22603

[mirky]

okay, here is some more information. Tho, i just saw as generel question.

GOAL: Disable routing internet traffic for certain users/clients thru the OpenVPN Access Server.
Since I only see a global option for this in the server web-gui, I am thinking it must be done in the .ovpn client file.
I would use different profiles depending on what i want to do. Is there a better solution?. I really don't understand why there is not a option for this under each individual user, to route internet or not.

Setup:
OpenVPN Access Server - v2.7.4 - AWS Hosted, from marketplace, on Ubuntu 18.04.2 LTS
OpenVPN Connect - v2.7.1.101 - Running on Windows 10



Server Config:
..... not sure how to get to this.. not in /etc/.. but in other file.
The setup is barebones, fresh install, only with "Should client Internet traffic be routed through the VPN?" set to yes.

Client Config .ovpn config file:
The "--pull-filter ignore redirect-gateway", i am trying to use to make it not route internet traffic thru the vpn server.
I got it from here. https://community.openvpn.net/openvpn/w ... ectGateway
But i am not sure if that is correct or i need something else, or more.
Question. Are the double -- dash needed?, and does it matter where it is placed in the config file?.

Code: Select all

..............  commented stuff omitted....

setenv FORWARD_COMPATIBLE 1
client
--pull-filter ignore redirect-gateway
server-poll-timeout 4
nobind
remote 18.--vpn-server-ip 1194 udp
remote 18.--vpn-server-ip 1194 udp
remote 18.--vpn-server-ip 443 tcp
remote 18.--vpn-server-ip 1194 udp
remote 18.--vpn-server-ip 1194 udp
remote 18.--vpn-server-ip 1194 udp
remote 18.--vpn-server-ip 1194 udp
remote 18.--vpn-server-ip 1194 udp
dev tun
dev-type tun
ns-cert-type server
setenv opt tls-version-min 1.0 or-highest
reneg-sec 604800
sndbuf 0
rcvbuf 0
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

.... certificates  stuff omitted.....

Client Routing table when connected:

Code: Select all

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.1.10.1      10.1.10.101    281
          0.0.0.0        128.0.0.0     172.27.232.1     172.27.232.4    257
        10.1.10.0    255.255.255.0         On-link       10.1.10.101    281
      10.1.10.101  255.255.255.255         On-link       10.1.10.101    281
      10.1.10.255  255.255.255.255         On-link       10.1.10.101    281
    18.196.25.116  255.255.255.255        10.1.10.1      10.1.10.101    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        128.0.0.0        128.0.0.0     172.27.232.1     172.27.232.4    257
      169.254.0.0      255.255.0.0         On-link     169.254.18.48    281
    169.254.18.48  255.255.255.255         On-link     169.254.18.48    281
  169.254.255.255  255.255.255.255         On-link     169.254.18.48    281
     172.27.232.0    255.255.248.0         On-link      172.27.232.4    257
     172.27.232.4  255.255.255.255         On-link      172.27.232.4    257
   172.27.239.255  255.255.255.255         On-link      172.27.232.4    257
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     169.254.18.48    281
        224.0.0.0        240.0.0.0         On-link       10.1.10.101    281
        224.0.0.0        240.0.0.0         On-link      172.27.232.4    257
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     169.254.18.48    281
  255.255.255.255  255.255.255.255         On-link       10.1.10.101    281
  255.255.255.255  255.255.255.255         On-link      172.27.232.4    257
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0        10.1.10.1  Default
===========================================================================

Server Log:

Code: Select all

2019-09-23T17:42:15+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:42:15 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:5287 SIGTERM[soft,remote-exit] received, client-instance exiting'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 TLS: Initial packet from [AF_INET]Hide-my-ip:7305 (via [AF_INET]172.31.39.10%eth0), sid=bf88a737 3fad61b9'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 VERIFY OK: depth=1, /CN=OpenVPN CA'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 VERIFY OK: nsCertType=CLIENT'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 VERIFY OK: depth=0, /CN=lan-with-inet_AUTOLOGIN'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_GUI_VER=ovpnmi_1.0.0'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_VER=3.2__qa:d87f5bbc04)'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_PLAT=win'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_NCP=2'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_TCPNL=1'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_PROTO=2'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_LZO=1'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_LZO_SWAP=1'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_LZ4=1'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_LZ4v2=1'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_COMP_STUB=1'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_COMP_STUBv2=1'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_AUTO_SESS=1'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: UV_ASCLI_VER=2.7.1.101'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: UV_PLAT_REL=Windows_10_Enterprise_6.3.18362'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_HWADDR=2c:56:dc:49:bf:34'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: "Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 TLS: Username/Password authentication deferred for username '' "
2019-09-23T17:49:32+0000 [stdout#info] ::.[usersvc.py, Line 571] Client created.::
2019-09-23T17:49:32+0000 [stdout#info] **** CLIENT_CONNECT User=u'lan-with-inet', CN=u'lan-with-inet_AUTOLOGIN', DID/CID=('1', 3), SerList=()
2019-09-23T17:49:32+0000 [stdout#info] FORCE_UNIQUE True
2019-09-23T17:49:32+0000 [stdout#info] CC_CMDS
2019-09-23T17:49:32+0000 [stdout#info] compress stub-v2
2019-09-23T17:49:32+0000 [stdout#info] push "compress stub-v2"
2019-09-23T17:49:32+0000 [stdout#info] push "redirect-gateway def1"
2019-09-23T17:49:32+0000 [stdout#info] push "redirect-gateway bypass-dhcp"
2019-09-23T17:49:32+0000 [stdout#info] push "redirect-gateway autolocal"
2019-09-23T17:49:32+0000 [stdout#info] ifconfig-push 172.27.232.5 255.255.248.0
2019-09-23T17:49:32+0000 [stdout#info] push "route-gateway 172.27.232.1"
2019-09-23T17:49:32+0000 [stdout#info] push "dhcp-option DNS 172.31.0.2"
2019-09-23T17:49:32+0000 [stdout#info] push "register-dns"
2019-09-23T17:49:32+0000 [stdout#info] push "block-ipv6"
2019-09-23T17:49:32+0000 [stdout#info] ACTIONS
2019-09-23T17:49:32+0000 [stdout#info] <ActionIPT u'iptables -t filter -R AS0_OUT 1 -d 172.27.232.5 -j AS0_U_LANWITHI_OUT'>
2019-09-23T17:49:32+0000 [stdout#info] <ActionEffect func=<function <lambda> at 0x7fbd3911fcf8> type='mod_inc'>
2019-09-23T17:49:32+0000 [stdout#info] UNDO_ACTIONS
2019-09-23T17:49:32+0000 [stdout#info] <ActionEffect func=<function <lambda> at 0x7fbd388eb500> type='dynamic_ip'>
2019-09-23T17:49:32+0000 [stdout#info] <ActionIPT 'iptables -t filter -R AS0_OUT 1 -d 0.0.0.0'>
2019-09-23T17:49:32+0000 [stdout#info] <ActionEffect func=<function <lambda> at 0x7fbd3911f8c0> type='mod_dec'>
2019-09-23T17:49:32+0000 [stdout#info] ****
2019-09-23T17:49:32+0000 [stdout#info] AUTH SUCCESS {'status': 0, 'reason': 'AuthTrue: autologin certificate auth succeeded', 'serial_list': [], 'user': u'lan-with-inet', 'proplist': {u'prop_autologin': u'true', u'prop_force_lzo': u'false', u'pvt_password_digest': '[redacted]', u'type': u'user_compile', u'prop_autogenerate': u'true'}, 'common_name': u'lan-with-inet_AUTOLOGIN', 'serial': '4'} cli=u'win'/u'3.2__qa:d87f5bbc04)'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: "Mon Sep 23 17:49:32 2019 MANAGEMENT: CMD 'client-auth 3 0'"
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 [lan-with-inet_AUTOLOGIN] Peer Connection Initiated with [AF_INET]Hide-my-ip:7305 (via [AF_INET]172.31.39.10%eth0)'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 OPTIONS IMPORT: compression parms modified'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 MULTI: Learn: 172.27.232.5 -> lan-with-inet_AUTOLOGIN/Hide-my-ip:7305'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 MULTI: primary virtual IP for lan-with-inet_AUTOLOGIN/Hide-my-ip:7305: 172.27.232.5'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: "Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 PUSH: Received control message: 'PUSH_REQUEST'"
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: "Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 SENT CONTROL [lan-with-inet_AUTOLOGIN]: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,compress stub-v2,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 172.27.232.1,dhcp-option DNS 172.31.0.2,register-dns,block-ipv6,ifconfig 172.27.232.5 255.255.248.0,peer-id 0,auth-tokenSESS_ID,cipher AES-256-GCM' (status=1)"
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: "Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 Data Channel: using negotiated cipher 'AES-256-GCM'"
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: "Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key"
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: "Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key"
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 IP packet with unknown IP version=0 seen'

Client Log: (not sure where this log starts and stops).

Code: Select all

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
Mon Sep 23 19:42:16 2019 Mon Sep 23 19:42:16 2019 DISCONNECTED
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 OpenVPN Management Interface 1.0.0/3.2 (qa:d87f5bbc04) win x86_64 64-bit [MbedTLS] built on Feb 26 2019 07:53:13
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 OMI Connecting to [127.0.0.1]:56017 [tcp]
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 OpenVPN core 3.2 (qa:d87f5bbc04) win x86_64 64-bit built on Feb 26 2019 07:53:13
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Frame=512/2048/512 mssfix-ctrl=1250
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 UNUSED OPTIONS
4 [nobind] 
18 [sndbuf] [0] 
19 [rcvbuf] [0] 
21 [verb] [3] 
31 [CLI_PREF_ALLOW_WEB_IMPORT] [True] 
32 [CLI_PREF_BASIC_CLIENT] [False] 
33 [CLI_PREF_ENABLE_CONNECT] [True] 
34 [CLI_PREF_ENABLE_XD_PROXY] [True] 
35 [WSHOST] [open-vpn-server-ip:443] 
36 [WEB_CA_BUNDLE] [-----BEGIN CERTIFICATE----- MIIDBjCCAe6gAwIBAgIEXYjESTANBgkqhkiG...] 
37 [IS_OPENVPN_WEB_CA] [1] 
38 [ORGANIZATION] [OpenVPN Inc] 
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 RESOLVE
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Contacting open-vpn-server-ip:1194 via UDP
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 WAIT
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Connecting to [open-vpn-server-ip]:1194 (open-vpn-server-ip) via UDPv4
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 CONNECTING
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Creds: Username/PasswordEmpty
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Peer Info:
IV_GUI_VER=ovpnmi 1.0.0
IV_VER=3.2 (qa:d87f5bbc04)
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_LZ4v2=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
UV_ASCLI_VER=2.7.1.101
UV_PLAT_REL=Windows 10 Enterprise_6.3.18362
IV_HWADDR=2c:56:dc:49:bf:34

Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 VERIFY OK : depth=1
cert. version     : 3
serial number     : 5D:88:C4:45
issuer name       : CN=OpenVPN CA
subject name      : CN=OpenVPN CA
issued  on        : 2019-09-16 13:10:29
expires on        : 2029-09-20 13:10:29
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true

Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 VERIFY OK : depth=0
cert. version     : 3
serial number     : 01
issuer name       : CN=OpenVPN CA
subject name      : CN=OpenVPN Server
issued  on        : 2019-09-16 13:10:30
expires on        : 2029-09-20 13:10:30
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
cert. type        : SSL Server

Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Session is ACTIVE
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 GET_CONFIG
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Sending PUSH_REQUEST to server...
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 OPTIONS:
0 [explicit-exit-notify] 
1 [topology] [subnet] 
2 [route-delay] [5] [30] 
3 [dhcp-pre-release] 
4 [dhcp-renew] 
5 [dhcp-release] 
6 [route-metric] [101] 
7 [ping] [12] 
8 [ping-restart] [50] 
9 [compress] [stub-v2] 
10 [redirect-gateway] [def1] 
11 [redirect-gateway] [bypass-dhcp] 
12 [redirect-gateway] [autolocal] 
13 [route-gateway] [172.27.232.1] 
14 [dhcp-option] [DNS] [172.31.0.2] 
15 [register-dns] 
16 [block-ipv6] 
17 [ifconfig] [172.27.232.5] [255.255.248.0] 
18 [peer-id] [0] 
19 [auth-token] ...
20 [cipher] [AES-256-GCM] 

Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Session token: [redacted]
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: SHA1
  compress: COMP_STUBv2
  peer ID: 0
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 ASSIGN_IP
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 CAPTURED OPTIONS:
Session Name: open-vpn-server-ip
Layer: OSI_LAYER_3
Remote Address: open-vpn-server-ip
Tunnel Addresses:
  172.27.232.5/21 -> 172.27.232.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW AUTO_LOCAL DEF1 BYPASS_DHCP IPv4 ]
Block IPv6: yes
Route Metric Default: 101
Add Routes:
Exclude Routes:
DNS Servers:
  172.31.0.2
Search Domains:

Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 proxy_auto_config_url 
Mon Sep 23 19:49:33 2019 Mon Sep 23 19:49:33 2019 TAP ADAPTERS:
guid='{D54A8EB5-ABE1-4084-89C3-79B647EF975B}' index=44 name='Ethernet 4'

Open TAP device "Ethernet 4" PATH="\\.\Global\{D54A8EB5-ABE1-4084-89C3-79B647EF975B}.tap" SUCCEEDED
TAP-Windows Driver Version 9.21
ActionDeleteAllRoutesOnInterface iface_index=44
netsh interface ip set interface 44 metric=1
Ok.

netsh interface ip set address 44 static 172.27.232.5 255.255.248.0 gateway=172.27.232.1 gwmetric=101 store=active

netsh interface ipv6 add route 2000::/4 interface=1 store=active
Ok.

netsh interface ipv6 add route 3000::/4 interface=1 store=active
Ok.

netsh interface ipv6 add route fc00::/7 interface=1 store=active
Ok.

netsh interface ip add route open-vpn-server-ip/32 12 10.1.10.1 store=active
Ok.

netsh interface ip add route 0.0.0.0/1 44 172.27.232.1 store=active
Ok.

netsh interface ip add route 128.0.0.0/1 44 172.27.232.1 store=active
Ok.

netsh interface ip set dnsservers 44 static 172.31.0.2 register=primary validate=no

NRPT::ActionCreate names=[.] dns_servers=[172.31.0.2]
ActionWFP openvpn_app_path=C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\etc\..\core\openvpn64.exe tap_index=44 enable=1
permit IPv4 DNS requests from OpenVPN app
permit IPv6 DNS requests from OpenVPN app
block IPv4 DNS requests from other apps
block IPv6 DNS requests from other apps
allow IPv4 traffic from TAP
allow IPv6 traffic from TAP
ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
Mon Sep 23 19:49:33 2019 Mon Sep 23 19:49:33 2019 TunPersist: saving tun context:
Session Name: open-vpn-server-ip
Layer: OSI_LAYER_3
Remote Address: open-vpn-server-ip
Tunnel Addresses:
  172.27.232.5/21 -> 172.27.232.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW AUTO_LOCAL DEF1 BYPASS_DHCP IPv4 ]
Block IPv6: yes
Route Metric Default: 101
Add Routes:
Exclude Routes:
DNS Servers:
  172.31.0.2
Search Domains:

Mon Sep 23 19:49:33 2019 Mon Sep 23 19:49:33 2019 Connected via TUN_WIN
Mon Sep 23 19:49:33 2019 Mon Sep 23 19:49:33 2019 Comp-stubV2 init
Mon Sep 23 19:49:33 2019 Mon Sep 23 19:49:33 2019 CONNECTED : lan-with-inet@open-vpn-server-ip:1194 (open-vpn-server-ip) via /UDPv4 on TUN_WIN/172.27.232.5/ gw=[172.27.232.1/]

[TinCanTech]

i just saw as generel question

GOAL: Disable routing internet traffic for certain users/clients thru the OpenVPN Access Server

At least we now know what version of openvpn you are using ..

[mirky]

i just saw as generel question

GOAL: Disable routing internet traffic for certain users/clients thru the OpenVPN Access Server

At least we now know what version of openvpn you are using ..

Right. So do you have any ideas?.

There is another thing that seems odd to me, in the windows client, whenever I have modified the .ovpn file, i remove it and add it back in again.
Sometimes, but not always, it prompts to verify the new .ovpn .. I can then view it, but the changes i made don't show up.

Could it be that it doesn't even take in my changes?. But I have tried messing enough around for it to not even want to connect, so ..

[mirky]

Did some more testing and Linux client works, with the same .ovpn file modified. The windows client just seems to ignore any changes made to the .ovpn file. It does see a change however if i make a commented line.
So now I guess I can focus on what exactly that the windows client is doing/not doing.

[mirky]

SOLVED

Solution.
I guess the reason was that I didn't really realize the different versions of client program. And overall which parts are opensource and which are commercial maybe, of openvpn.

The "OpenVPN GUI" worked for me, not the "openvpn connect"