Force disable redirect gateway

utkarsh
OpenVpn Newbie
Posts: 2
Joined: Sat Sep 21, 2019 12:24 am

Force disable redirect gateway

Post by utkarsh » Sat Sep 21, 2019 1:05 am

Hi, I want to set up an OpenVPN server where clients cannot use it to redirect the traffic, but only connect to other LANs in the network.

From my understanding, removing push redirect-gateway from the server.conf file should stop traffic from being shaped/redirected by default, but clients can still redirect their traffic and override server settings by modifying the client ovpn file. Is it possible to restrict the client to only ping/connect to other network devices while not redirecting the traffic?

Currently, all traffic is shaped from the ovpn server and it's throttling the bandwidth of the server. I tried removing push redirect-gateway def1 from the server config file, after which the client is not able to connect to the internet.

Pippin
OpenVPN Expert
Posts: 489
Joined: Wed Jul 01, 2015 8:03 am

Re: Force disable redirect gateway

Post by Pippin » Sat Sep 21, 2019 11:59 am

"they can still redirect its traffic and override server settings by modifying client ovpn file."

Server-side firewall rules in the FORWARD chain on the tun interface, allowing access to the LAN-side subnet(s) only.

utkarsh
OpenVpn Newbie
Posts: 2
Joined: Sat Sep 21, 2019 12:24 am

Re: Force disable redirect gateway

Post by utkarsh » Fri Sep 27, 2019 6:59 am

Thanks for the response. Since this is the first time I am trying to set up a VPN, are there any walk-throughs/references/guides for setting up these rules? What we need is to access only a single Linux (Ubuntu) server out of a few machines in that network, which lies in the same network as the VPN machine.

tomty89
OpenVpn Newbie
Posts: 3
Joined: Fri Sep 27, 2019 7:07 am

Re: Force disable redirect gateway

Post by tomty89 » Fri Sep 27, 2019 7:45 am

"I tried removing push redirect gateway def1 from server config file, after which client is not able to connect to internet"

I think you want to figure out why this happens first.
Other than this, it's really about firewalling in the server. Something like this should do:

Code:
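# tun, eth and host_or_network are placeholders: substitute the VPN interface,
# the LAN-facing interface and the permitted host or subnet
iptables -A FORWARD -i tun -o eth -d host_or_network -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tun -j DROP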
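
The rules from the reply above, written out for the single-server case asked about in this thread, as an added example that is not part of any poster's message. The values tun0, eth0 and 192.168.1.10 are assumptions and the function names are hypothetical. Because the filtering happens on the server, a client that adds redirect-gateway to its own config still has its internet-bound packets dropped by the last rule.

```shell
#!/bin/sh
# Added example. Assumed values (not from the thread): tun0, eth0, 192.168.1.10.

# is_ipv4_target ADDR: succeeds if ADDR is an IPv4 host or CIDR network.
is_ipv4_target() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac   # digits, dots, slash only
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%/*}                                  # strip the optional /prefix
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# vpn_forward_rules VPN_IF LAN_IF DEST [apply]
# Prints the three rules (dry run); with "apply" as 4th argument it runs them (needs root).
vpn_forward_rules() {
    vpn_if=$1; lan_if=$2; dest=$3
    if [ "${4:-}" = apply ]; then run=; else run=echo; fi
    for ifname in "$vpn_if" "$lan_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.+-]*) echo "invalid interface name: $ifname" >&2; return 2 ;;
        esac
    done
    is_ipv4_target "$dest" || { echo "invalid IPv4 destination: $dest" >&2; return 2; }

    # New connections from VPN clients are accepted only towards DEST.
    $run iptables -A FORWARD -i "$vpn_if" -o "$lan_if" -d "$dest" \
        -m conntrack --ctstate NEW -j ACCEPT &&
    # Packets of flows that were already accepted, in both directions.
    $run iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT &&
    # Anything else arriving from the tunnel is dropped, including traffic a
    # client redirected through the VPN on its own side.
    # -A appends: an earlier FORWARD rule that accepts tunnel traffic still wins.
    $run iptables -A FORWARD -i "$vpn_if" -j DROP
}

# Dry run with the assumed values.
vpn_forward_rules tun0 eth0 192.168.1.10
```

After applying, `iptables -L FORWARD -v -n` shows per-rule packet counters, so the counter on the DROP rule rising is the sign that clients are sending traffic outside the permitted destination.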

mistermaster
OpenVpn Newbie
Posts: 3
Joined: Wed Nov 06, 2019 7:54 am

Re: Force disable redirect gateway

Post by mistermaster » Wed Nov 06, 2019 8:54 am

tomty89 wrote:
Fri Sep 27, 2019 7:45 am

Code:
iptables -A FORWARD -i tun -o eth -d host_or_network -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tun -j DROP

I have tried these 3 lines of code and it works!
Now I have access only to the clients that I want.
Thanks.
