Folks,
Is there a way to have the OpenVPN Connect client use a particular interface to connect to a server (in this case, OpenVPN Cloud)? I'm experimenting with using OpenVPN Cloud as a backup admin VPN for a few remote sites. For this to work, I need to have the OpenVPN traffic exit the Mac using the directly attached LTE interface, not the default Ethernet.
Any thoughts about how to do this? I could add a static route for the OpenVPN Cloud server prefix but that seems potentially fragile given that it's removing the indirection from the DNS lookup.
Cheers!
Scott....
Egress Interface pinning
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: Egress Interface pinning
Hello smackie,
OpenVPN just follows whatever route your routing table tells it to use. You could probably figure out one of the IP addresses of one of our servers, and then input that into OpenVPN Connect v3 (you can override which server it connects to from within the Connect v3 app), and set up a route in your routing table for that one specific IP to go through a different interface than the default.
That's one way to do what you request. But there's no configuration option that says - use this interface.
edit: I should probably point out that bypassing DNS for this could be bad, as during maintenance we might move some servers out of commission and replace them with others, and if you pin by IP, you might get into trouble later on.
Kind regards,
Johan
OpenVPN just follows whatever route your routing table tells it to use. You could probably figure out one of the IP addresses of one of our servers, and then input that into OpenVPN Connect v3 (you can override which server it connects to from within the Connect v3 app), and set up a route in your routing table for that one specific IP to go through a different interface than the default.
That's one way to do what you request. But there's no configuration option that says - use this interface.
edit: I should probably point out that bypassing DNS for this could be bad, as during maintenance we might move some servers out of commission and replace them with others, and if you pin by IP, you might get into trouble later on.
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support