Hello there
I am a little puzzled by something, but maybe there is a simple solution?.
In "VPN Settings", i can change "Should client Internet traffic be routed through the VPN?" to yes, and all clients will have their internet traffic routed thru the server.
But what if I only want specific users/clients do this?.
Internet traffic - only specific clients
-
- OpenVpn Newbie
- Posts: 9
- Joined: Mon Sep 23, 2019 2:22 am
-
- OpenVPN Protagonist
- Posts: 11139
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 9
- Joined: Mon Sep 23, 2019 2:22 am
Re: Internet traffic - only specific clients
okay, here is some more information. Tho, i just saw as generel question.
GOAL: Disable routing internet traffic for certain users/clients thru the OpenVPN Access Server.
Since I only see a global option for this in the server web-gui, I am thinking it must be done in the .ovpn client file.
I would use different profiles depending on what i want to do. Is there a better solution?. I really don't understand why there is not a option for this under each individual user, to route internet or not.
Setup:
OpenVPN Access Server - v2.7.4 - AWS Hosted, from marketplace, on Ubuntu 18.04.2 LTS
OpenVPN Connect - v2.7.1.101 - Running on Windows 10
Server Config:
..... not sure how to get to this.. not in /etc/.. but in other file.
The setup is barebones, fresh install, only with "Should client Internet traffic be routed through the VPN?" set to yes.
Client Config .ovpn config file:
The "--pull-filter ignore redirect-gateway", i am trying to use to make it not route internet traffic thru the vpn server.
I got it from here. https://community.openvpn.net/openvpn/w ... ectGateway
But i am not sure if that is correct or i need something else, or more.
Question. Are the double -- dash needed?, and does it matter where it is placed in the config file?.
Client Routing table when connected:
Server Log:
Client Log: (not sure where this log starts and stops).
GOAL: Disable routing internet traffic for certain users/clients thru the OpenVPN Access Server.
Since I only see a global option for this in the server web-gui, I am thinking it must be done in the .ovpn client file.
I would use different profiles depending on what i want to do. Is there a better solution?. I really don't understand why there is not a option for this under each individual user, to route internet or not.
Setup:
OpenVPN Access Server - v2.7.4 - AWS Hosted, from marketplace, on Ubuntu 18.04.2 LTS
OpenVPN Connect - v2.7.1.101 - Running on Windows 10
Server Config:
..... not sure how to get to this.. not in /etc/.. but in other file.
The setup is barebones, fresh install, only with "Should client Internet traffic be routed through the VPN?" set to yes.
Client Config .ovpn config file:
The "--pull-filter ignore redirect-gateway", i am trying to use to make it not route internet traffic thru the vpn server.
I got it from here. https://community.openvpn.net/openvpn/w ... ectGateway
But i am not sure if that is correct or i need something else, or more.
Question. Are the double -- dash needed?, and does it matter where it is placed in the config file?.
Code: Select all
.............. commented stuff omitted....
setenv FORWARD_COMPATIBLE 1
client
--pull-filter ignore redirect-gateway
server-poll-timeout 4
nobind
remote 18.--vpn-server-ip 1194 udp
remote 18.--vpn-server-ip 1194 udp
remote 18.--vpn-server-ip 443 tcp
remote 18.--vpn-server-ip 1194 udp
remote 18.--vpn-server-ip 1194 udp
remote 18.--vpn-server-ip 1194 udp
remote 18.--vpn-server-ip 1194 udp
remote 18.--vpn-server-ip 1194 udp
dev tun
dev-type tun
ns-cert-type server
setenv opt tls-version-min 1.0 or-highest
reneg-sec 604800
sndbuf 0
rcvbuf 0
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
.... certificates stuff omitted.....
Client Routing table when connected:
Code: Select all
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.10.1 10.1.10.101 281
0.0.0.0 128.0.0.0 172.27.232.1 172.27.232.4 257
10.1.10.0 255.255.255.0 On-link 10.1.10.101 281
10.1.10.101 255.255.255.255 On-link 10.1.10.101 281
10.1.10.255 255.255.255.255 On-link 10.1.10.101 281
18.196.25.116 255.255.255.255 10.1.10.1 10.1.10.101 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
128.0.0.0 128.0.0.0 172.27.232.1 172.27.232.4 257
169.254.0.0 255.255.0.0 On-link 169.254.18.48 281
169.254.18.48 255.255.255.255 On-link 169.254.18.48 281
169.254.255.255 255.255.255.255 On-link 169.254.18.48 281
172.27.232.0 255.255.248.0 On-link 172.27.232.4 257
172.27.232.4 255.255.255.255 On-link 172.27.232.4 257
172.27.239.255 255.255.255.255 On-link 172.27.232.4 257
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 169.254.18.48 281
224.0.0.0 240.0.0.0 On-link 10.1.10.101 281
224.0.0.0 240.0.0.0 On-link 172.27.232.4 257
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 169.254.18.48 281
255.255.255.255 255.255.255.255 On-link 10.1.10.101 281
255.255.255.255 255.255.255.255 On-link 172.27.232.4 257
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.1.10.1 Default
===========================================================================
Server Log:
Code: Select all
2019-09-23T17:42:15+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:42:15 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:5287 SIGTERM[soft,remote-exit] received, client-instance exiting'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 TLS: Initial packet from [AF_INET]Hide-my-ip:7305 (via [AF_INET]172.31.39.10%eth0), sid=bf88a737 3fad61b9'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 VERIFY OK: depth=1, /CN=OpenVPN CA'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 VERIFY OK: nsCertType=CLIENT'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 VERIFY OK: depth=0, /CN=lan-with-inet_AUTOLOGIN'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_GUI_VER=ovpnmi_1.0.0'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_VER=3.2__qa:d87f5bbc04)'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_PLAT=win'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_NCP=2'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_TCPNL=1'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_PROTO=2'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_LZO=1'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_LZO_SWAP=1'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_LZ4=1'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_LZ4v2=1'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_COMP_STUB=1'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_COMP_STUBv2=1'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_AUTO_SESS=1'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: UV_ASCLI_VER=2.7.1.101'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: UV_PLAT_REL=Windows_10_Enterprise_6.3.18362'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 peer info: IV_HWADDR=2c:56:dc:49:bf:34'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: "Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 TLS: Username/Password authentication deferred for username '' "
2019-09-23T17:49:32+0000 [stdout#info] ::.[usersvc.py, Line 571] Client created.::
2019-09-23T17:49:32+0000 [stdout#info] **** CLIENT_CONNECT User=u'lan-with-inet', CN=u'lan-with-inet_AUTOLOGIN', DID/CID=('1', 3), SerList=()
2019-09-23T17:49:32+0000 [stdout#info] FORCE_UNIQUE True
2019-09-23T17:49:32+0000 [stdout#info] CC_CMDS
2019-09-23T17:49:32+0000 [stdout#info] compress stub-v2
2019-09-23T17:49:32+0000 [stdout#info] push "compress stub-v2"
2019-09-23T17:49:32+0000 [stdout#info] push "redirect-gateway def1"
2019-09-23T17:49:32+0000 [stdout#info] push "redirect-gateway bypass-dhcp"
2019-09-23T17:49:32+0000 [stdout#info] push "redirect-gateway autolocal"
2019-09-23T17:49:32+0000 [stdout#info] ifconfig-push 172.27.232.5 255.255.248.0
2019-09-23T17:49:32+0000 [stdout#info] push "route-gateway 172.27.232.1"
2019-09-23T17:49:32+0000 [stdout#info] push "dhcp-option DNS 172.31.0.2"
2019-09-23T17:49:32+0000 [stdout#info] push "register-dns"
2019-09-23T17:49:32+0000 [stdout#info] push "block-ipv6"
2019-09-23T17:49:32+0000 [stdout#info] ACTIONS
2019-09-23T17:49:32+0000 [stdout#info] <ActionIPT u'iptables -t filter -R AS0_OUT 1 -d 172.27.232.5 -j AS0_U_LANWITHI_OUT'>
2019-09-23T17:49:32+0000 [stdout#info] <ActionEffect func=<function <lambda> at 0x7fbd3911fcf8> type='mod_inc'>
2019-09-23T17:49:32+0000 [stdout#info] UNDO_ACTIONS
2019-09-23T17:49:32+0000 [stdout#info] <ActionEffect func=<function <lambda> at 0x7fbd388eb500> type='dynamic_ip'>
2019-09-23T17:49:32+0000 [stdout#info] <ActionIPT 'iptables -t filter -R AS0_OUT 1 -d 0.0.0.0'>
2019-09-23T17:49:32+0000 [stdout#info] <ActionEffect func=<function <lambda> at 0x7fbd3911f8c0> type='mod_dec'>
2019-09-23T17:49:32+0000 [stdout#info] ****
2019-09-23T17:49:32+0000 [stdout#info] AUTH SUCCESS {'status': 0, 'reason': 'AuthTrue: autologin certificate auth succeeded', 'serial_list': [], 'user': u'lan-with-inet', 'proplist': {u'prop_autologin': u'true', u'prop_force_lzo': u'false', u'pvt_password_digest': '[redacted]', u'type': u'user_compile', u'prop_autogenerate': u'true'}, 'common_name': u'lan-with-inet_AUTOLOGIN', 'serial': '4'} cli=u'win'/u'3.2__qa:d87f5bbc04)'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: "Mon Sep 23 17:49:32 2019 MANAGEMENT: CMD 'client-auth 3 0'"
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 Hide-my-ip:7305 [lan-with-inet_AUTOLOGIN] Peer Connection Initiated with [AF_INET]Hide-my-ip:7305 (via [AF_INET]172.31.39.10%eth0)'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 OPTIONS IMPORT: compression parms modified'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 MULTI: Learn: 172.27.232.5 -> lan-with-inet_AUTOLOGIN/Hide-my-ip:7305'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 MULTI: primary virtual IP for lan-with-inet_AUTOLOGIN/Hide-my-ip:7305: 172.27.232.5'
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: "Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 PUSH: Received control message: 'PUSH_REQUEST'"
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: "Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 SENT CONTROL [lan-with-inet_AUTOLOGIN]: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,compress stub-v2,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 172.27.232.1,dhcp-option DNS 172.31.0.2,register-dns,block-ipv6,ifconfig 172.27.232.5 255.255.248.0,peer-id 0,auth-tokenSESS_ID,cipher AES-256-GCM' (status=1)"
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: "Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 Data Channel: using negotiated cipher 'AES-256-GCM'"
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: "Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key"
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: "Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key"
2019-09-23T17:49:32+0000 [stdout#info] [OVPN 1] OUT: 'Mon Sep 23 17:49:32 2019 lan-with-inet_AUTOLOGIN/Hide-my-ip:7305 IP packet with unknown IP version=0 seen'
Client Log: (not sure where this log starts and stops).
Code: Select all
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
Mon Sep 23 19:42:16 2019 Mon Sep 23 19:42:16 2019 DISCONNECTED
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 OpenVPN Management Interface 1.0.0/3.2 (qa:d87f5bbc04) win x86_64 64-bit [MbedTLS] built on Feb 26 2019 07:53:13
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 OMI Connecting to [127.0.0.1]:56017 [tcp]
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 OpenVPN core 3.2 (qa:d87f5bbc04) win x86_64 64-bit built on Feb 26 2019 07:53:13
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Frame=512/2048/512 mssfix-ctrl=1250
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 UNUSED OPTIONS
4 [nobind]
18 [sndbuf] [0]
19 [rcvbuf] [0]
21 [verb] [3]
31 [CLI_PREF_ALLOW_WEB_IMPORT] [True]
32 [CLI_PREF_BASIC_CLIENT] [False]
33 [CLI_PREF_ENABLE_CONNECT] [True]
34 [CLI_PREF_ENABLE_XD_PROXY] [True]
35 [WSHOST] [open-vpn-server-ip:443]
36 [WEB_CA_BUNDLE] [-----BEGIN CERTIFICATE----- MIIDBjCCAe6gAwIBAgIEXYjESTANBgkqhkiG...]
37 [IS_OPENVPN_WEB_CA] [1]
38 [ORGANIZATION] [OpenVPN Inc]
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 RESOLVE
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Contacting open-vpn-server-ip:1194 via UDP
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 WAIT
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Connecting to [open-vpn-server-ip]:1194 (open-vpn-server-ip) via UDPv4
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 CONNECTING
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Creds: Username/PasswordEmpty
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Peer Info:
IV_GUI_VER=ovpnmi 1.0.0
IV_VER=3.2 (qa:d87f5bbc04)
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_LZ4v2=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
UV_ASCLI_VER=2.7.1.101
UV_PLAT_REL=Windows 10 Enterprise_6.3.18362
IV_HWADDR=2c:56:dc:49:bf:34
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 VERIFY OK : depth=1
cert. version : 3
serial number : 5D:88:C4:45
issuer name : CN=OpenVPN CA
subject name : CN=OpenVPN CA
issued on : 2019-09-16 13:10:29
expires on : 2029-09-20 13:10:29
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : CN=OpenVPN CA
subject name : CN=OpenVPN Server
issued on : 2019-09-16 13:10:30
expires on : 2029-09-20 13:10:30
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
cert. type : SSL Server
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Session is ACTIVE
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 GET_CONFIG
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Sending PUSH_REQUEST to server...
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 OPTIONS:
0 [explicit-exit-notify]
1 [topology] [subnet]
2 [route-delay] [5] [30]
3 [dhcp-pre-release]
4 [dhcp-renew]
5 [dhcp-release]
6 [route-metric] [101]
7 [ping] [12]
8 [ping-restart] [50]
9 [compress] [stub-v2]
10 [redirect-gateway] [def1]
11 [redirect-gateway] [bypass-dhcp]
12 [redirect-gateway] [autolocal]
13 [route-gateway] [172.27.232.1]
14 [dhcp-option] [DNS] [172.31.0.2]
15 [register-dns]
16 [block-ipv6]
17 [ifconfig] [172.27.232.5] [255.255.248.0]
18 [peer-id] [0]
19 [auth-token] ...
20 [cipher] [AES-256-GCM]
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 Session token: [redacted]
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA1
compress: COMP_STUBv2
peer ID: 0
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 ASSIGN_IP
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 CAPTURED OPTIONS:
Session Name: open-vpn-server-ip
Layer: OSI_LAYER_3
Remote Address: open-vpn-server-ip
Tunnel Addresses:
172.27.232.5/21 -> 172.27.232.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW AUTO_LOCAL DEF1 BYPASS_DHCP IPv4 ]
Block IPv6: yes
Route Metric Default: 101
Add Routes:
Exclude Routes:
DNS Servers:
172.31.0.2
Search Domains:
Mon Sep 23 19:49:32 2019 Mon Sep 23 19:49:32 2019 proxy_auto_config_url
Mon Sep 23 19:49:33 2019 Mon Sep 23 19:49:33 2019 TAP ADAPTERS:
guid='{D54A8EB5-ABE1-4084-89C3-79B647EF975B}' index=44 name='Ethernet 4'
Open TAP device "Ethernet 4" PATH="\\.\Global\{D54A8EB5-ABE1-4084-89C3-79B647EF975B}.tap" SUCCEEDED
TAP-Windows Driver Version 9.21
ActionDeleteAllRoutesOnInterface iface_index=44
netsh interface ip set interface 44 metric=1
Ok.
netsh interface ip set address 44 static 172.27.232.5 255.255.248.0 gateway=172.27.232.1 gwmetric=101 store=active
netsh interface ipv6 add route 2000::/4 interface=1 store=active
Ok.
netsh interface ipv6 add route 3000::/4 interface=1 store=active
Ok.
netsh interface ipv6 add route fc00::/7 interface=1 store=active
Ok.
netsh interface ip add route open-vpn-server-ip/32 12 10.1.10.1 store=active
Ok.
netsh interface ip add route 0.0.0.0/1 44 172.27.232.1 store=active
Ok.
netsh interface ip add route 128.0.0.0/1 44 172.27.232.1 store=active
Ok.
netsh interface ip set dnsservers 44 static 172.31.0.2 register=primary validate=no
NRPT::ActionCreate names=[.] dns_servers=[172.31.0.2]
ActionWFP openvpn_app_path=C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\etc\..\core\openvpn64.exe tap_index=44 enable=1
permit IPv4 DNS requests from OpenVPN app
permit IPv6 DNS requests from OpenVPN app
block IPv4 DNS requests from other apps
block IPv6 DNS requests from other apps
allow IPv4 traffic from TAP
allow IPv6 traffic from TAP
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
Mon Sep 23 19:49:33 2019 Mon Sep 23 19:49:33 2019 TunPersist: saving tun context:
Session Name: open-vpn-server-ip
Layer: OSI_LAYER_3
Remote Address: open-vpn-server-ip
Tunnel Addresses:
172.27.232.5/21 -> 172.27.232.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW AUTO_LOCAL DEF1 BYPASS_DHCP IPv4 ]
Block IPv6: yes
Route Metric Default: 101
Add Routes:
Exclude Routes:
DNS Servers:
172.31.0.2
Search Domains:
Mon Sep 23 19:49:33 2019 Mon Sep 23 19:49:33 2019 Connected via TUN_WIN
Mon Sep 23 19:49:33 2019 Mon Sep 23 19:49:33 2019 Comp-stubV2 init
Mon Sep 23 19:49:33 2019 Mon Sep 23 19:49:33 2019 CONNECTED : lan-with-inet@open-vpn-server-ip:1194 (open-vpn-server-ip) via /UDPv4 on TUN_WIN/172.27.232.5/ gw=[172.27.232.1/]
-
- OpenVPN Protagonist
- Posts: 11139
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 9
- Joined: Mon Sep 23, 2019 2:22 am
Re: Internet traffic - only specific clients
Right. So do you have any ideas?.TinCanTech wrote: ↑Mon Sep 23, 2019 6:48 pmAt least we now know what version of openvpn you are using ..
There is another thing that seems odd to me, in the windows client, whenever I have modified the .ovpn file, i remove it and add it back in again.
Sometimes, but not always, it prompts to verify the new .ovpn .. I can then view it, but the changes i made don't show up.
Could it be that it doesn't even take in my changes?. But I have tried messing enough around for it to not even want to connect, so ..

-
- OpenVpn Newbie
- Posts: 9
- Joined: Mon Sep 23, 2019 2:22 am
Re: Internet traffic - only specific clients
Did some more testing and Linux client works, with the same .ovpn file modified. The windows client just seems to ignore any changes made to the .ovpn file. It does see a change however if i make a commented line.
So now I guess I can focus on what exactly that the windows client is doing/not doing.
So now I guess I can focus on what exactly that the windows client is doing/not doing.
-
- OpenVpn Newbie
- Posts: 9
- Joined: Mon Sep 23, 2019 2:22 am
Re: Internet traffic - only specific clients
SOLVED
Solution.
I guess the reason was that I didn't really realize the different versions of client program. And overall which parts are opensource and which are commercial maybe, of openvpn.
The "OpenVPN GUI" worked for me, not the "openvpn connect"
Solution.
I guess the reason was that I didn't really realize the different versions of client program. And overall which parts are opensource and which are commercial maybe, of openvpn.
The "OpenVPN GUI" worked for me, not the "openvpn connect"