Configure OpenVPN to not route all traffic through the VPN

ben_rennigen
OpenVpn Newbie
Posts: 1
Joined: Sun Jul 02, 2023 11:46 am

Configure OpenVPN to not route all traffic through the VPN

Post by ben_rennigen » Mon Dec 25, 2023 8:25 am

Hello all,

First, happy Christmas to you all!

I started learning about OpenVPN (there is so much to learn…) and did set up my first VPN with one server (Debian) and two clients (Windows 11).

Everything works fine, the traffic is routed through the VPN and I can ping the VPN-IPs.

My goal is to be able to do remote support via (Ultra)VNC over the VPN, so I can connect from one client to another client via its VPN-IP - this also already works, a great first success for me.

Now I have another requirement:

I want all traffic of the clients NOT to be routed through the VPN (like opening a website, reading emails or downloading a file), but only the VNC connection for remote support. Or in other words, I want to connect from VPN-client A to VPN-client B via VNC using the VPN-IP of B. But all other traffic should be normal, without VPN.

Please, see my configurations and the OpenVPN version below.

I tried to read about that but I’m afraid I’m stuck here. My first attempt was removing the line

push "redirect-gateway def1"

That caused the client to not be able to resolve domain names like google.com (but the client was online, it could ping Google's IP).

It would be great if someone with more experience than me could give me a hint how to do it.

If I can give you any more information, please just say so.


Thanks a lot for your help!


My server config:

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/localhost_2857d71f-6c56-4b41-1232-8d1975830b15.crt
key /etc/openvpn/easy-rsa/pki/private/localhost_2857d71f-6c56-4b41-1232-8d1975830b15.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.255.107.0 255.255.255.0
push "dhcp-option DNS 9.9.9.9"
push "dhcp-option DNS 149.112.112.112"
push "block-outside-dns"
push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3


OpenVPN version

OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
library versions: OpenSSL 3.0.11 19 Sep 2023, LZO 2.10



Kind regards,
Ben
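
An added example, not part of the original post: a small Python audit of the pushed options in a server config like the one above, after `push "redirect-gateway def1"` is removed. It assumes the behaviour the OpenVPN manual describes for `block-outside-dns` (Windows clients may reach port 53 only through the tunnel); the function name `audit` and the sample text are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample: routing-related lines from the posted server config,
# with push "redirect-gateway def1" already removed (the poster's first attempt).
SAMPLE = '''
topology subnet
server 10.255.107.0 255.255.255.0
push "dhcp-option DNS 9.9.9.9"
push "dhcp-option DNS 149.112.112.112"
push "block-outside-dns"
client-to-client
'''

def audit(config_text):
    """Return (tunneled_networks, full_tunnel, unreachable_dns) for a server config."""
    nets, dns, full, block = [], [], False, False
    for line in config_text.splitlines():
        words = shlex.split(line, comments=True)  # handles quoting and '#' comments
        if not words:
            continue
        if words[0] == "server" and len(words) >= 3:
            # The VPN subnet itself is always reachable through the tunnel.
            nets.append(ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False))
        elif words[0] == "push" and len(words) >= 2:
            opt = words[1].split()
            if opt[0] == "redirect-gateway":
                full = True    # client default route goes through the VPN
            elif opt[0] == "block-outside-dns":
                block = True   # Windows: port 53 allowed only inside the tunnel
            elif opt[0] == "route" and len(opt) >= 2:
                mask = opt[2] if len(opt) >= 3 else "255.255.255.255"
                nets.append(ipaddress.ip_network(f"{opt[1]}/{mask}", strict=False))
            elif opt[:2] == ["dhcp-option", "DNS"] and len(opt) >= 3:
                dns.append(ipaddress.ip_address(opt[2]))
    # On a split tunnel with block-outside-dns, a pushed resolver that no
    # tunneled network covers cannot be reached: name resolution fails while
    # pinging by IP address still works.
    broken = [] if full or not block else [
        str(d) for d in dns if not any(d in n for n in nets)]
    return [str(n) for n in nets], full, broken

if __name__ == "__main__":
    print(audit(SAMPLE))
```

For the sample, both pushed resolvers are reported as unreachable, which matches the symptom in the post; the list is empty once `block-outside-dns` and the DNS pushes are dropped, or when the resolvers are covered by a pushed route.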
