deny internet, only intranet

LoOni3r
OpenVpn Newbie
Posts: 6
Joined: Mon Jun 14, 2021 10:59 pm

deny internet, only intranet

Post by LoOni3r » Thu Jun 17, 2021 12:07 pm

Hello everybody,

I want to use OpenVPN Community Edition on my Debian 9 vserver as my own Hamachi alternative.
In addition, I would like to include a website that can only be accessed via the vpn server. I'm not at this point yet.

The OpenVPN server works. My people and I can connect, and everyone has internet through OpenVPN.
I don't want internet to work through vpn.
I already know how to do that.

The problem:
Windows 10 still routes all traffic over the VPN.
How can I prevent this?


/etc/openvpn/server/server.conf:

Code:

local 185.73.242.60
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
server-ipv6 fddd:1194:1194:1194::/64
push "redirect-gateway def1 ipv6 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 0
crl-verify crl.pem
explicit-exit-notify
client-to-client
explicit-exit-notify 1

I've already tested that:
Client:
desktop shortcut openvpn -> "C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe" --pull-filter ignore redirect-gateway
and


Server (server.conf | everything individually and tested together):
#push "redirect-gateway def1 ipv6 bypass-dhcp"
push "redirect-gateway def1 bypass-dhcp"

#push "dhcp-option DNS 208.67.222.222"
#push "dhcp-option DNS 208.67.220.220"

push "route 10.8.0.0 255.255.255.255"

#push "redirect-gateway def1 ipv6 bypass-dhcp"
push "redirect-gateway def1"

#push "redirect-gateway def1 ipv6 bypass-dhcp"
push "redirect-gateway

push "route 10.8.0.0 255.255.255.255"

push "route 10.8.0.100 255.255.255.255"

#push "redirect-gateway def1 ipv6 bypass-dhcp"
push "redirect-gateway local def1"

I don't know what else I can test.
I hope someone can help me.
Many thanks, regards
Last edited by LoOni3r on Thu Jun 17, 2021 9:59 pm, edited 1 time in total.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: deny internet, only intranet

Post by TinCanTech » Thu Jun 17, 2021 8:09 pm

Now that you have finished stabbing wildly at the controls, it might just be time to consult the manual.

Before you hit that mountain ..


Re: deny internet, only intranet

Post by LoOni3r » Thu Jun 17, 2021 9:04 pm

I not only read the manual but also googled for 2 days before I wrote this post.


Re: deny internet, only intranet

Post by TinCanTech » Thu Jun 17, 2021 9:08 pm

Then you are living proof that there is a big difference between reading the manual and understanding the manual.

Thank Maloch you don't fly aeroplanes.

If the manual is too technical for you then please see the howto.


Re: deny internet, only intranet

Post by LoOni3r » Thu Jun 17, 2021 9:27 pm

The difference is that I learned English very poorly at school. Thank you for being so helpful.


Re: deny internet, only intranet

Post by TinCanTech » Thu Jun 17, 2021 9:29 pm

I could help but you need to stop frantically pressing buttons.

You want to not use --redirect-gateway completely

And if you can read any English at all then you are doing better than 75% of the rest of the world, so stop complaining.
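
Whether a server.conf pushes a full tunnel can be checked mechanically. The following is an added example, not code from any poster or from the OpenVPN project: `audit_pushes`, `classify_route` and `is_full_tunnel` are hypothetical names, and the sample config is constructed from directives posted in this thread. It goes slightly beyond the thread by also treating a pushed /0 or /1 route as a full tunnel.

```python
import ipaddress
import shlex
# Constructed sample, assembled from directives posted in this thread.
SAMPLE_SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 ipv6 bypass-dhcp"
#push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "route 10.8.0.100 255.255.255.255"
push "redirect-gateway
"""

def classify_route(opt, vpn_net):
    mask = opt[2] if len(opt) > 2 else "255.255.255.255"
    try:
        net = ipaddress.ip_network(f"{opt[1]}/{mask}", strict=False)
    except ValueError:
        return "error", "route is not a literal IPv4 network"
    if net.prefixlen <= 1:              # 0.0.0.0/0 or one of the two /1 halves
        return "full-tunnel", f"{net} covers internet destinations"
    if vpn_net is not None and net.subnet_of(vpn_net):
        return "ok", f"{net} stays inside the VPN subnet"
    return "split", f"{net} is routed through the VPN"

def audit_pushes(conf_text):
    """Return (line_no, level, message) for each pushed option that matters."""
    vpn_net, findings = None, []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":     # OpenVPN comment markers
            continue
        try:
            words = shlex.split(line)
        except ValueError:                  # e.g. a missing closing quote
            findings.append((no, "error", "unbalanced quote"))
            continue
        if words[0] == "server" and len(words) >= 3:
            vpn_net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
        opt = words[1].split() if words[0] == "push" and len(words) > 1 else []
        if opt[:1] == ["redirect-gateway"]:
            findings.append((no, "full-tunnel", "default traffic goes through the VPN"))
        elif opt[:1] == ["route"] and len(opt) > 1:
            findings.append((no, *classify_route(opt, vpn_net)))
        elif opt[:2] == ["dhcp-option", "DNS"] and len(opt) > 2:
            findings.append((no, "note", f"client resolver set to {opt[2]}"))
    return findings

def is_full_tunnel(conf_text):
    return any(level == "full-tunnel" for _, level, _ in audit_pushes(conf_text))
```
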


Re: deny internet, only intranet

Post by LoOni3r » Thu Jun 17, 2021 9:38 pm

OK, it sounded like no help at all. My big problem is my lack of English and difficult-to-understand FAQs.

I assume that this must be in the shortcut?:

Code:

"C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe" --redirect-gateway

&

Code:

"C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe" --redirect-gateway completely

I'm not sure if it is completely one of them

Unfortunately it did not work. The traffic from my browser, for example, is forwarded (ip-tracker.org).


Re: deny internet, only intranet

Post by TinCanTech » Thu Jun 17, 2021 9:43 pm

The reason that things do not work is because you have not read the documentation.

Please start here:
viewtopic.php?f=30&t=22603


Re: deny internet, only intranet

Post by LoOni3r » Thu Jun 17, 2021 9:47 pm

And again: thank you, very helpful. Now I have solved the problem thanks to your help (irony).
Edit: try using Google Translate to understand a difficult-to-understand FAQ in a foreign language.
How about a manual in German? German is a weapon!


Re: deny internet, only intranet

Post by TinCanTech » Thu Jun 17, 2021 9:56 pm

This is a community and you have not shared your solution .. you hypocrite.


Re: deny internet, only intranet

Post by LoOni3r » Thu Jun 17, 2021 9:58 pm

They don't seem to know what irony means. Google it.


Re: deny internet, only intranet

Post by TinCanTech » Thu Jun 17, 2021 10:39 pm

LoOni3r wrote (Thu Jun 17, 2021 9:27 pm):
> the difference is that i learned english very poorly at school

LoOni3r wrote (Thu Jun 17, 2021 9:58 pm):
> they don't seem to know what irony means. Google it

I know what irony means .. I fail to see anything ironic here.

But I do see your hypocrisy
