Split Tunneling on AWS hosted OpenVPN

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
lordmata
OpenVpn Newbie
Posts: 4
Joined: Mon Apr 15, 2019 12:30 pm

Split Tunneling on AWS hosted OpenVPN

Post by lordmata » Mon Apr 15, 2019 12:32 pm

Hello,

I've configured an EC2 machine as my OpenVPN server and now I need to force only one IP through the VPN and the rest needs to go over a clients regular WAN connection.


It seems no matter what I do the traffic meter keeps increasing on the OpenVPN status window and everything seems to be going over the tunnel, instead of just the IP from the push route line in the server.conf

Server.conf

Code: Select all

port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 1.1.1.1"
push "route 66.66.25.47 255.255.255.255 vpn_gateway"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server_SXZdPP6MLjDeLGNl.crt
key server_SXZdPP6MLjDeLGNl.key 
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
status /var/log/openvpn/status.log
verb 3
Client.ovpn

Code: Select all

client
proto udp
remote 178.15.21.16 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_SXZdPP6MLjDeLGNl name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
Any ideas what I can do to just allow all traffic to this single IP over VPN and force everything else over the clients regular internet connection?

Thank you.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5718
Joined: Fri Jun 03, 2016 1:17 pm

Re: Split Tunneling on AWS hosted OpenVPN

Post by TinCanTech » Mon Apr 15, 2019 12:40 pm

lordmata wrote:
Mon Apr 15, 2019 12:32 pm
It seems no matter what I do the traffic meter keeps increasing on the OpenVPN status window and everything seems to be going over the tunnel
The only thing going via the tunnel is the address you specified and DNS,

lordmata
OpenVpn Newbie
Posts: 4
Joined: Mon Apr 15, 2019 12:30 pm

Re: Split Tunneling on AWS hosted OpenVPN

Post by lordmata » Mon Apr 15, 2019 1:38 pm

TinCanTech wrote:
Mon Apr 15, 2019 12:40 pm
lordmata wrote:
Mon Apr 15, 2019 12:32 pm
It seems no matter what I do the traffic meter keeps increasing on the OpenVPN status window and everything seems to be going over the tunnel
The only thing going via the tunnel is the address you specified and DNS,
When I check on status windows while watching a youtube video the traffic keeps increasing and when I google "what's my IP" it shows the IP of the AWS OpenVPN server. Should the traffic only increase if I'm doing stuff on the IP in the route and DNS queries? And shouldn't the IP show my local ISP IP, not the AWS one?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5718
Joined: Fri Jun 03, 2016 1:17 pm

Re: Split Tunneling on AWS hosted OpenVPN

Post by TinCanTech » Mon Apr 15, 2019 5:00 pm

The configs which you posted prove that your internet traffic is only routed to the VPN server for one specific address and two DNS servers.

lordmata
OpenVpn Newbie
Posts: 4
Joined: Mon Apr 15, 2019 12:30 pm

Re: Split Tunneling on AWS hosted OpenVPN

Post by lordmata » Mon Apr 15, 2019 5:12 pm

Shouldn't I be seeing my local public IP when checking "what's my ip" and similar sites instead of the AWS server public IP? Or is that showing up because of the DNS I'm pushing?
Should the traffic monitor show in and out data even though traffic is not happening on the VPN server? Doesn't really make sense that the traffic would increase while watching youtube when connected to the VPN.
Image

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5718
Joined: Fri Jun 03, 2016 1:17 pm

Re: Split Tunneling on AWS hosted OpenVPN

Post by TinCanTech » Mon Apr 15, 2019 5:19 pm

lordmata wrote:
Mon Apr 15, 2019 5:12 pm
Shouldn't I be seeing my local public IP when checking "what's my ip" and similar sites instead of the AWS server public IP?
You should ask "what's my ip" what it is they are checking.
lordmata wrote:
Mon Apr 15, 2019 5:12 pm
Should the traffic monitor show in and out data even though traffic is not happening on the VPN server?
See --keepalive in the manual.

Please see:
viewtopic.php?f=30&t=22603

Post Reply