Don't route all traffic through VPN by client configuration



kaushalshriyan
OpenVPN User
Posts: 22
Joined: Thu Sep 08, 2016 9:43 am

Don't route all traffic through VPN by client configuration

Post by kaushalshriyan » Sun Feb 27, 2022 2:34 pm

Hi,

I am running the OpenVPN server version shown below on CentOS Linux release 7.9.2009 (Core). I do not want to route all traffic through the VPN, by client configuration. I have shared the configs below.


OpenVPN 2.5.5 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Dec 15 2021
library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Originally developed by James Yonan
Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=yes enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=yes enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
Server Config

# This is a comment
# VPN subnet handed out to clients
server 10.8.0.0 255.255.255.0
verb 3
key /etc/openvpn/server.key
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
dh /etc/openvpn/dh2048.pem
keepalive 10 120
persist-key
persist-tun
sndbuf 0
rcvbuf 0
push "sndbuf 393216"
push "rcvbuf 393216"
# tells every client to send all of its traffic through the tunnel
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# the internal LAN that clients should reach through the tunnel
push "route 192.168.0.0 255.255.255.0"
# lets several clients connect with the same certificate at once
duplicate-cn
user nobody
group nobody

proto tcp
port 1195
dev tun
status /var/log/openvpn-status.log 60
status-version 2
log-append openvpn.log



Client Config

dev tun
proto tcp
remote n.n.n.n 1195
cipher AES-256-GCM
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
# pull-filter matches pushed options by prefix, so this drops the server's
# "redirect-gateway def1"; only pushed routes (192.168.0.0/24 here) use the
# tunnel and everything else keeps the local default route
pull-filter ignore redirect-gateway
key office.key
cert office.crt
ca ca.crt


Please let me know if both the server and client configs are correct, so that not all traffic is routed through OpenVPN. Is there a way to verify in the OpenVPN server or client logs that split tunneling is set up, i.e. that only traffic destined for the subnets on the internal LAN goes through the VPN tunnel and all other traffic goes through the user's normal internet connection?

Thanks in advance.

Best Regards,

Kaushal
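As an added example (not code from the thread or from the OpenVPN project), here is a small POSIX shell script that answers the verification question from the client side using two independent sources: the client log at verb 3, where the server's PUSH_REPLY carries "redirect-gateway def1" and the client should log that pull-filter removed it, and the Linux routing table, where "redirect-gateway def1" shows up as the two half-routes 0.0.0.0/1 and 128.0.0.0/1 via the tun device (that is how def1 overrides the default route without deleting it). The log excerpts and the "ip route show" output embedded in the script are constructed samples modelled on an OpenVPN 2.5 client; the VPN server address 203.0.113.10 and the client's own LAN 192.168.1.0/24 are made up for the example, so compare the wording against your own log.

```shell
#!/bin/sh
# Added example for this thread (not the original poster's code): verify from the
# client that "pull-filter ignore redirect-gateway" really produced a split tunnel.
#   1. client log at verb 3: the server pushes "redirect-gateway def1" and the
#      client must log "Pushed option removed by filter: 'redirect-gateway def1'";
#   2. kernel routing table: a full tunnel has 0.0.0.0/1 and 128.0.0.0/1 via tun,
#      a split tunnel has neither but still has the pushed LAN route via tun.
# All sample data below is constructed; the log wording follows OpenVPN 2.5.

SAMPLE_LOG_SPLIT=$(cat <<'EOF'
Sun Feb 27 14:40:01 2022 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Feb 27 14:40:01 2022 PUSH: Received control message: 'PUSH_REPLY,sndbuf 393216,rcvbuf 393216,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 192.168.0.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Sun Feb 27 14:40:01 2022 Pushed option removed by filter: 'redirect-gateway def1'
Sun Feb 27 14:40:01 2022 OPTIONS IMPORT: route options modified
Sun Feb 27 14:40:01 2022 Initialization Sequence Completed
EOF
)

# Same server, but a client without the pull-filter line: the push is applied.
SAMPLE_LOG_FULL=$(cat <<'EOF'
Sun Feb 27 14:45:12 2022 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 192.168.0.0 255.255.255.0,route 10.8.0.1,topology net30,ifconfig 10.8.0.6 10.8.0.5'
Sun Feb 27 14:45:12 2022 OPTIONS IMPORT: --ifconfig/up options modified
Sun Feb 27 14:45:12 2022 OPTIONS IMPORT: route options modified
Sun Feb 27 14:45:12 2022 Initialization Sequence Completed
EOF
)

# "ip route show" on the split-tunnel client: default route stays on eth0.
SAMPLE_ROUTES_SPLIT=$(cat <<'EOF'
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
192.168.0.0/24 via 10.8.0.5 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
EOF
)

# "ip route show" on the full-tunnel client: the two /1 routes plus a host
# route to the VPN server (203.0.113.10, made up) via the original gateway.
SAMPLE_ROUTES_FULL=$(cat <<'EOF'
default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.5 dev tun0
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.0.0/24 via 10.8.0.5 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
EOF
)

# 0 if the server pushed redirect-gateway at all (so filtering was needed)
log_pushed_redirect() {
    printf '%s\n' "$1" | grep -q "PUSH_REPLY.*redirect-gateway"
}

# 0 if the client logged that pull-filter dropped the pushed redirect
log_filtered_redirect() {
    printf '%s\n' "$1" | grep -q "Pushed option removed by filter: 'redirect-gateway"
}

# prints "full" or "split" judged from the log alone
tunnel_mode_from_log() {
    if log_pushed_redirect "$1" && ! log_filtered_redirect "$1"; then
        echo full
    else
        echo split
    fi
}

# 0 if both half-routes installed by "redirect-gateway def1" point at a tun device
routes_have_def1() {
    printf '%s\n' "$1" | grep -q '^0\.0\.0\.0/1 .* dev tun' &&
        printf '%s\n' "$1" | grep -q '^128\.0\.0\.0/1 .* dev tun'
}

# 0 if the given prefix (e.g. 192.168.0.0/24) is routed over a tun device
route_via_tun() {
    printf '%s\n' "$1" | grep -q "^$2 .* dev tun"
}

# prints "full" or "split" judged from the routing table alone
tunnel_mode_from_routes() {
    if routes_have_def1 "$1"; then echo full; else echo split; fi
}

# Overall verdict: returns 0 only when log and routes both say split tunnel
# and the internal LAN prefix is reachable through the tunnel.
verify_split_tunnel() {
    log="$1"; routes="$2"; lan="$3"
    lmode=$(tunnel_mode_from_log "$log")
    rmode=$(tunnel_mode_from_routes "$routes")
    if route_via_tun "$routes" "$lan"; then lanok=yes; else lanok=no; fi
    echo "log: $lmode, routes: $rmode, $lan via tun: $lanok"
    [ "$lmode" = split ] && [ "$rmode" = split ] && [ "$lanok" = yes ]
}

# On a live Linux client: sh check_split.sh /var/log/openvpn.log 192.168.0.0/24
if [ $# -ge 1 ] && [ -f "$1" ]; then
    verify_split_tunnel "$(cat "$1")" "$(ip route show)" "${2:-192.168.0.0/24}"
fi
```

The routing-table check is the one worth trusting: the log proves what the client intended to do with the push, the routing table proves what actually happened, and a filtered push that still leaves 0.0.0.0/1 and 128.0.0.0/1 behind (for example from a stale earlier session) would only be caught by the second check.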

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Don't route all traffic through VPN by client configuration

Post by TinCanTech » Sun Feb 27, 2022 6:04 pm

Your config will disable redirecting the client gateway for that client only.

However, if your client is Linux then your pushed DNS will have no effect.
You need a script: https://github.com/OpenVPN/openvpn/tree ... esolv-conf
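As an added example (not from the thread or from the OpenVPN project), these are the client-side directives that hook a resolv.conf updater script into the tunnel lifecycle so that the pushed dhcp-option DNS lines take effect on a Linux client. It assumes the helper is installed at /etc/openvpn/update-resolv-conf, which is where the Debian/Ubuntu openvpn package puts it; on CentOS you would fetch the equivalent script from the OpenVPN repository linked above and adjust the path.

```conf
# client.conf additions only; the rest of the client config above is unchanged

# Allow OpenVPN to run external scripts. Level 2 permits user-supplied
# up/down scripts; level 3 would additionally pass passwords to scripts
# through environment variables and is not needed here.
script-security 2

# Path is an assumption (Debian/Ubuntu location); adjust for your distro.
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

# keep the split tunnel: drop the server's pushed "redirect-gateway def1"
pull-filter ignore redirect-gateway
```

Two caveats. First, that script writes through resolvconf; on a host running systemd-resolved you want a resolved-aware helper instead, otherwise the pushed servers never reach the stub resolver. Second, with a split tunnel the pushed 8.8.8.8/8.8.4.4 only change which resolver the client uses; they do nothing to decide which traffic enters the tunnel, so if the goal is resolving internal LAN names, the server should push the internal DNS server, and DNS queries to it will then travel over the tunnel because it sits in the pushed 192.168.0.0/24 route.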
