How to create a client with a Split tunnel?

[katorce]

Well, I have a raspberry PI Server, with a computer at home, and I have openVPN to connect to that VPN.
Right now the use is to encrypt the data where I am in a public location but I would like to be able to Wake On Lan the computer next to the raspberry PI and be able to do remote desktop to that computer (windows 7). I will solve the WOL in another forum so.

1st: I want to configure this computer to connect automatically every time it turns on to VPN, I don't know how to as know I have to right click each time and insert a password. So, How can I achieve that?

2nd: There is no need to add latency to this computer, as the output of the raspberry and itself is the same, they are connected to the same router. So I would like to split tunnel the connection. As the computer has 2 lan ports, I think using the second one to do that, but then I think, there is probably a easier solution using software. So how can I do that?

The client conf file is now as this:

Code: Select all

client 

dev tun 

proto udp 

remote xxx.privateip.ip 4848494

resolv-retry infinite 

nobind 

persist-key 

persist-tun 

mute-replay-warnings 

ns-cert-type server 

key-direction 1 

cipher AES-128-CBC 

comp-lzo 

verb 1 

mute 20

[Traffic]

1st: I want to configure this computer to connect automatically every time it turns on to VPN, I don't know how to as know I have to right click each time and insert a password

If you have to put in user/password then .. to start up automatically you must save the user/password to an unencrypted file on your PC .. is that really what you want ?

Perhaps you should review your security protocol ..
https://openvpn.net/index.php/open-sour ... o.html#pki

[katorce]

It would be better to connect seamless without having the password in a text file. But I do not know how can be possible to do so without compromising the other devices which do need to introduce the password.

Still I am more interested how the split tunnel for this specific computer can be done. After all, this is a home setup.

[Traffic]

You do not need to use passwords .. use a certificate based PKI.
http://openvpn.net/index.php/open-sourc ... o.html#pki

Or you can selectively use passwords for only certain clients.

If you want to connect to the W7 PC from the remote VPN client then have the W7 PC connect to the VPN automatically. It is a simple setup .. just the follow the HOWTO.

I do not understand what you mean by "split tunnel" ?

[katorce]

I have been looking at the wiki and still it has no solve what I want.

Windows

The Windows installer will set up a Service Wrapper, but leave it turned off by default. To activate it, go to Control Panel / Administrative Tools / Services, select the OpenVPN service, right-click on properties, and set the Startup Type to Automatic. This will configure the service for automatic start on the next reboot.

When started, the OpenVPN Service Wrapper will scan the \Program Files\OpenVPN\config folder for .ovpn configuration files, starting a separate OpenVPN process on each file.

This make openVPN to start at the startup, but it doesn´t stablish the connection to the VPN server automatically, still requires me to login as user into windows, click on it, and insert my password.

What I want it is even before any user login (into windows), to be automatically connected to the VPN. The reason I want this is in order to wakeonlan the computer with the raspberry, and connect to remote desktop to use this computer from my laptop when I am not at home.

I just need to know how to tell the service, use this ovpn file, use this password, and do it before any user login. Try 5 times, if it fails, just ignore it.

I don´t mind if the key has to be in a plain text somewhere in my computer. I really tried to look how to tell the service to do that in the wiki but I cannot find it. Perhaps it is because it is not possible to do so.

[Traffic]

I just need to know how to tell the service, use this ovpn file, use this password, and do it before any user login

You must use a password file saved on your computer.

See --auth-user-pass (under client options) in The Manual v23x

[Skaperen]

I do not understand what you mean by "split tunnel" ?

me, too.

what is a split tunnel?

[Halems]

I do not understand what you mean by "split tunnel" ?

me, too.

what is a split tunnel?

https://en.wikipedia.org/wiki/Split_tunneling

[mwandelaar]

As your PC and the Raspberry Pi VPN-server are on the same lan, IMHO you don't really need the security of a VPN on that network.
Why don't you just route your local lan through the VPN, as described here ?
That way you dont need anything extra on the pc and you can RDP into the machine, using it's local LAN-address.