I've successfully set up OpenVPN to route all traffic over it, but some colleagues are complaining that proper routing needs to be set up.
I've set up OpenVPN via the official howto:
https://openvpn.net/community-resources/how-to/
And I've set up basic routing via this example to serve all internet access via VPN:
https://arashmilani.com/post?id=53
I would like to set up internet usage over eth0 from my internet provider and usage of tun0 only for certain IP addresses. How can one accomplish that?
I tried adding route-nopull to the client config, but it seems not to work when there is more than one route.
There are a total of 12 different possible routes to over 20 servers I've tried to incorporate.
I've censored IPs with x and y in client.conf. Below are server.conf and client.conf.
Server Config
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
auth SHA256
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1
Client Config
client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
route-nopull
route xxx.xxx.xxx.0 255.255.255.0
route yyy.yyy.yyy.0 255.255.255.0 ;(when turned on, first ip doesn't work and this one as well, it just uses default IP from eth0)
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
verb 3
<ca>
...
...
...
TL;DR: I just want to set it up to route all server access via VPN and all non-server access via my internet so people in my company can use it.
Thanks in advance to all who help
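
A way to check offline which destinations a client config like the one above would send through tun0, as an added example that is not part of the original post. It assumes numeric `route` entries, models route-nopull as also discarding a pushed redirect-gateway (an assumption of this example), uses documentation address ranges in place of the censored x/y networks, and its function names are hypothetical.

```python
import ipaddress

# Constructed sample config: documentation ranges replace the censored networks.
SAMPLE_CLIENT_CONF = """\
client
dev tun
route-nopull
route 192.0.2.0 255.255.255.0
route 198.51.100.0 255.255.255.0 ;(second server network)
route 203.0.113.7
"""

def tokens(line):
    """Split a config line, stopping at a token that starts with '#' or ';'."""
    out = []
    for tok in line.split():
        if tok[0] in "#;":
            break
        out.append(tok)
    return out

def parse_client_conf(text):
    """Return (route_nopull, redirect_gateway, routes) for numeric route lines."""
    nopull = redirect = False
    routes = []
    for line in text.splitlines():
        tok = tokens(line)
        if not tok:
            continue
        if tok[0] == "route-nopull":
            nopull = True
        elif tok[0] == "redirect-gateway":
            redirect = True
        elif tok[0] == "route" and len(tok) >= 2:
            # A route without a netmask is a single host (255.255.255.255).
            mask = tok[2] if len(tok) >= 3 and tok[2] != "default" else "255.255.255.255"
            # strict=True raises ValueError if host bits are set, e.g. 192.0.2.5/24.
            routes.append(ipaddress.ip_network(f"{tok[1]}/{mask}", strict=True))
    return nopull, redirect, routes

def is_full_tunnel(nopull, client_redirect, server_pushes_redirect):
    """Assumption: route-nopull drops a pushed redirect-gateway, not a local one."""
    return client_redirect or (server_pushes_redirect and not nopull)

def egress_for(dest, routes, full_tunnel):
    """Interface for dest: tun0 if a VPN route covers it, else the default path."""
    addr = ipaddress.ip_address(dest)
    if full_tunnel or any(addr in net for net in routes):
        return "tun0"
    return "eth0"
```

On a connected client, `ip route get <address>` shows the interface the kernel actually picks, which can be compared against what this model predicts.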