Use local gateway rather than OpenVPN remote gateway?

BobAGI
OpenVPN Power User
Posts: 78
Joined: Mon May 05, 2014 10:17 pm


Post by BobAGI » Fri Oct 20, 2017 3:52 pm

If I configure my Windows Server hosted OpenVPN server using the directive:

Code:

push "redirect-gateway def1 bypass-dhcp"

is it then possible to connect a client (= my Win7 PC) without using the remote gateway for Internet browsing?
If so how would I accomplish this?
(I tried using the new oconf tag but it did not work...)

Pippin
OpenVPN Expert
Posts: 269
Joined: Wed Jul 01, 2015 8:03 am

Re: Use local gateway rather than OpenVPN remote gateway?

Post by Pippin » Fri Oct 20, 2017 4:01 pm

Don't "push redirect..."
or use --pull-filter client side, see manual 2.4

BobAGI

Re: Use local gateway rather than OpenVPN remote gateway?

Post by BobAGI » Fri Oct 20, 2017 10:53 pm

Thanks,
what I want to do is to configure the server to handle the client's browsing unless the client wants to use its normal gateway.
In that case the tunnel should only be used to access the devices on the remote network but not reach further.
This cannot be set on the server side but has to be blocked on the client side.
The server must always push the gateway change as shown above but the client should be able to refuse the push.

So in the case of a phone using the OpenVPN server, its ovpn file should just have the normal stuff and once connected its traffic to the Internet should go through the tunnel as well as the traffic to the remote network.
But in the case of the Windows PC sitting on my home LAN I don't want the Internet traffic to go through the tunnel because I have a much better fiber connection here, so I would like to modify the ovpn file with some command (which?) that will not accept the server push for gateway modification.
I tried to find that in the manual for 2.4 but it is way too dense for me to understand...
So could you please tell me what to write into the client ovpn file in order to block the server side push for gateway change??
Should it maybe be:

Code:

pull-filter ignore "route-gateway"

BobAGI

Re: Use local gateway rather than OpenVPN remote gateway?

Post by BobAGI » Sat Oct 21, 2017 5:58 am

I tested on a Win7 laptop using a working ovpn file as follows:
- made a copy of the ovpn file and renamed it to a new name
- Edited the file by adding the second line:

Code:

client 
pull-filter ignore "route-gateway "
dev tun 
proto udp 
...

Does this option need to be located at a specific position inside the ovpn file?
The manual does not really tell.
Since I used OpenVPN-GUI from a 2.3.4 installer I downloaded and installed the latest version so I am now on 2.4.4 on the client side.

The problem is that no matter which ovpn file I use my internet browsing runs through the remote gateway when I am connected by VPN.
Using one or the other ovpn file does not change this at all..

Any ideas?

Pippin

Re: Use local gateway rather than OpenVPN remote gateway?

Post by Pippin » Sat Oct 21, 2017 9:53 am

Manual says:
pull-filter accept|ignore|reject text
You want to ignore redirect gateway, not route gateway.....

The config file is read line by line, each directive needs its own line, line order doesn't matter.
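
Added example (not from the thread or the OpenVPN project): a small Python model of the pull-filter rules in the 2.4 manual (filters applied in order, prefix comparison against the pushed option, first match wins, unmatched options accepted), run against a constructed PUSH_REPLY. The pushed option values, the addresses and all function names are assumptions made for illustration.

```python
# Added example: models the documented pull-filter rules, not OpenVPN's source.
import shlex

# Constructed sample of what a server pushing redirect-gateway might send.
PUSH_REPLY = ("PUSH_REPLY,redirect-gateway def1 bypass-dhcp,"
              "route 192.168.1.0 255.255.255.0,route-gateway 10.8.0.1,"
              "topology subnet,ifconfig 10.8.0.6 255.255.255.0")

# The two client-side attempts discussed in the thread (rest of config omitted).
FIRST_TRY = 'client\npull-filter ignore "route-gateway"\ndev tun\n'
SECOND_TRY = 'client\npull-filter ignore "redirect-gateway"\ndev tun\n'


def parse_filters(config_text):
    """Return [(action, text)] for each pull-filter line of a client config."""
    filters = []
    for line in config_text.splitlines():
        tokens = shlex.split(line, comments=True)  # keeps quoted spaces intact
        if len(tokens) == 3 and tokens[0] == "pull-filter":
            if tokens[1] not in ("accept", "ignore", "reject"):
                raise ValueError(f"bad pull-filter action: {tokens[1]}")
            filters.append((tokens[1], tokens[2]))
    return filters


def apply_filters(push_reply, filters):
    """Sort pushed options into (accepted, ignored, rejected) lists."""
    buckets = {"accept": [], "ignore": [], "reject": []}
    for opt in push_reply.split(",")[1:]:      # drop the "PUSH_REPLY" tag
        action = "accept"                      # unmatched options are accepted
        for act, text in filters:              # filters apply in config order
            if opt.startswith(text):           # prefix comparison
                action = act
                break                          # first match ends the search
        buckets[action].append(opt)
    return buckets["accept"], buckets["ignore"], buckets["reject"]


def default_route_redirected(config_text, push_reply=PUSH_REPLY):
    """True if a pushed redirect-gateway option survives the filters."""
    accepted, _, _ = apply_filters(push_reply, parse_filters(config_text))
    return any(opt.startswith("redirect-gateway") for opt in accepted)


if __name__ == "__main__":
    for name, cfg in (("route-gateway", FIRST_TRY), ("redirect-gateway", SECOND_TRY)):
        print(name, "filter -> redirected:", default_route_redirected(cfg))
```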

BobAGI

Re: Use local gateway rather than OpenVPN remote gateway?

Post by BobAGI » Sat Oct 21, 2017 10:01 am

Pippin wrote:
Sat Oct 21, 2017 9:53 am
> Manual says:
> pull-filter accept|ignore|reject text
> You want to ignore redirect gateway, not route gateway.....
>
> The config file is read line by line, each directive needs its own line, line order doesn't matter.

I changed my client ovpn file so it reads like this:

Code:

client 
pull-filter ignore "redirect-gateway" 
dev tun 
proto udp 
remote *mydomain*.com 1194 
resolv-retry infinite 
nobind 
persist-key 
persist-tun 
mute-replay-warnings 
ns-cert-type server 
key-direction 1 
cipher AES-128-CBC 
comp-lzo 
verb 1 
mute 20
..Keys follow, not shown...

When I connect using this I still have the same result when I check my IP at http://checkip.dyndns.com/
It still shows the remote server's public IP rather than my own public IP...

BobAGI

Re: Use local gateway rather than OpenVPN remote gateway?

Post by BobAGI » Mon Oct 30, 2017 12:23 pm

I solved this in a different way:
On the server side I am running two instances of openvpn, on two separate UDP ports.
Each has its own conf file so in one I have disabled the redirect-gateway directive, which makes connections to this port only pass LAN traffic through the tunnel and Internet through the original client-side gateway.
I am good with this because it is basically the same on the client side, two slightly different OVPN profile files.
