VPN gateway for some targets

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
gustavson79
OpenVpn Newbie
Posts: 5
Joined: Thu Jan 31, 2019 2:39 pm

VPN gateway for some targets

Post by gustavson79 » Tue Jan 18, 2022 10:00 am

Hi,

i hope im in the right section. I would like to setup a vpn gateway for some of my clients in my home network, the vpn gateway should just be used for targets with a special port.

I've got running a vpn client in proxmox vm that can be used as a vpn gateway when configuring the clients with the proxmox vm as gateway. I would add a configuration, that only if a special port (e.g. 8080) should be connected from a client, the vpn tunnel is used. Otherwise my "normal" internet connection should be used.

I hope you can understand what im planing to do.

Any proposals about how to do that?

Best Regards

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN gateway for some targets

Post by TinCanTech » Tue Jan 18, 2022 3:05 pm


gustavson79
OpenVpn Newbie
Posts: 5
Joined: Thu Jan 31, 2019 2:39 pm

Re: VPN gateway for some targets

Post by gustavson79 » Wed Jan 19, 2022 6:48 am

Hi,

whats your point? As you can see my question about the gateway i could resolve. Now i want something more special. So is just nobody here who could answer it or is it not possible?

Regards

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN gateway for some targets

Post by TinCanTech » Wed Jan 19, 2022 1:56 pm

They looked related to me.

I do not understand what you are trying to do, though it sounds similar to a proxy.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: VPN gateway for some targets

Post by openvpn_inc » Thu Jan 20, 2022 3:24 pm

gustavson79 wrote:
Tue Jan 18, 2022 10:00 am
i hope im in the right section. I would like to setup a vpn gateway for some of my clients in my home network, the vpn gateway should just be used for targets with a special port.

I've got running a vpn client in proxmox vm that can be used as a vpn gateway when configuring the clients with the proxmox vm as gateway. I would add a configuration, that only if a special port (e.g. 8080) should be connected from a client, the vpn tunnel is used. Otherwise my "normal" internet connection should be used.

I hope you can understand what im planing to do.

Any proposals about how to do that?
Hi Gus,

No, it's not entirely clear to me either. Routing is done on the basis of IP addresses, not services/ports. Yes, it does sound like you might want a web proxy, not a VPN.

That said, OpenVPN Access Server has some wonderful kludges which do that, to route only certain specified services through the VPN. TBH I have never messed with that, so I don't know what it looks like, but AS is free (as in beer) to download and play with. If you see how AS does this, you can surely also implement it in community version openvpn(8).

hth, regards, rob0
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

gustavson79
OpenVpn Newbie
Posts: 5
Joined: Thu Jan 31, 2019 2:39 pm

Re: VPN gateway for some targets

Post by gustavson79 » Thu Jan 20, 2022 4:25 pm

First, thanks for your replys. I try again to explain what i'd like to do.

I want to access the internet from a normal client in my lan over the vpn gateway. But the vpn connection of the gateway should only be used, if a special service (e.g. port 8080) is used by the client.

For example the client should connect through the vpn connection to a forum site i dont want to visit without vpn. But when i play a game on the same client the vpn connection should not be used. I dont want to change the default gateway on the client then, the decision should be made by the vpn gateway depending on the port i want to access. I hope it's more clear now, my english doesnt help so much explaining something like this :).

Regards

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN gateway for some targets

Post by TinCanTech » Thu Jan 20, 2022 5:23 pm

Openvpn can "sort of" do what you want but not the way you want it. Openvpn has no idea of services you use over the VPN, it just routes what you configure it to route.

So, with that model, you would need to specify every single route (For games) that you do not want to pass over the VPN and configure them all in your client. The rest would then be routed via the VPN. But that is way too messy to be of value.

Instead, what you probably need is Policy Routing at the server and the client.

You can batter your head against a brick wall over this for as long as you like but the simple answer is, only use the VPN when you need it, otherwise, do not use it.

Post Reply