We have set up a new OpenVPN server (routed mode) on an Ubuntu LTS server. All clients (Win 7 and Linux) are connected, and all routes are pushed, DNS too. We use the latest stable version of OpenVPN.
All traffic uses the VPN; if a client uses a P2P client, streaming radio, etc., my VPN is impacted.
Can we separate the traffic and use the VPN only for a special nat, and exclude Internet, P2P, streaming, etc.?
At this time we use the following configuration:
# Port, protocol and interface
mode server
proto udp
port 1122
#proto tcp
dev tun
# Path to the SSL files
ca serverconf/ca.crt
cert serverconf/ws-vpn.crt
key serverconf/ws-vpn.key
dh serverconf/dh2048.pem
#tls-auth serverconf/tls.key 0
cipher AES-256-CBC
# Desired IP for the server
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
ping-timer-rem
#tun-mtu 6000
fragment 0
mssfix 0
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log 10
status-version 2
# Because we use chroot
client-config-dir ccd
#client-config-dir /etc/openvpn/jail/ccd
ccd-exclusive
chroot /etc/openvpn/jail
log-append /var/log/openvpn/openvpn.log
verb 4
mute 20
management 127.0.0.1 5001
# Set the VPN server as the default gateway for clients
push "redirect-gateway def1"
push "redirect-gateway"
push "ip-win32 dynamic"
push "route 192.168.10.0 255.255.255.0"
route 192.168.10.0 255.255.255.0
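
An added example, not part of the original post: a small Python check that reads a server config like the one above, reports whether its `push` directives send all client traffic through the VPN (`redirect-gateway`) or only the pushed subnets, and produces a variant with the `redirect-gateway` pushes commented out. The function names and the embedded sample (the routing lines of the posted config) are constructed for illustration.

```python
import shlex

# Constructed sample: the routing-related lines of the posted server config.
SAMPLE_CONFIG = '''\
dev tun
server 10.8.0.0 255.255.255.0
# Set the VPN server as the default gateway for clients
push "redirect-gateway def1"
push "redirect-gateway"
push "ip-win32 dynamic"
push "route 192.168.10.0 255.255.255.0"
route 192.168.10.0 255.255.255.0
'''

def pushed_options(config_text):
    """Return (line_index, option_tokens) for every active push directive."""
    found = []
    for idx, line in enumerate(config_text.splitlines()):
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":   # OpenVPN comment markers
            continue
        tokens = shlex.split(stripped, comments=True)
        if len(tokens) >= 2 and tokens[0] == "push":
            found.append((idx, tokens[1].split()))
    return found

def audit(config_text):
    """Classify the tunnel mode and list the subnets pushed to clients."""
    pushes = pushed_options(config_text)
    redirect = [i for i, opt in pushes if opt and opt[0] == "redirect-gateway"]
    routes = [tuple(opt[1:3]) for _, opt in pushes
              if len(opt) >= 2 and opt[0] == "route"]
    return {"mode": "full-tunnel" if redirect else "split-tunnel",
            "redirect_lines": redirect,
            "pushed_routes": routes}

def to_split_tunnel(config_text):
    """Comment out redirect-gateway pushes; pushed routes stay untouched."""
    redirect = set(audit(config_text)["redirect_lines"])
    lines = config_text.splitlines()
    return "\n".join("# " + text if i in redirect else text
                     for i, text in enumerate(lines)) + "\n"

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
    print(to_split_tunnel(SAMPLE_CONFIG))
```

With the `redirect-gateway` pushes commented out, clients keep their own default route and only 192.168.10.0/24 is reached through the tunnel.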