[Solved] Use VPN tunnel just for accessing shares not going to internet though it

[elmoxol]

Hi,

Can i use my VPN just for accessing my shares?
I mean, i need my internet connection at work untouched so when i connect my VPN normally (push redirect-gateway and DNS) i can access my shares but my work PC internet connection fails with many services i need. So i want to use my works PC internet connection as it is but access my PC (OVPN Server) through VPN, just use vpn tunnel when i use my local pc IP (\\localIP) and access internet and local network at work as always.

thanks in advance
Elmo

[TinCanTech]

Yes this can be done; Simply push the route for your home network to your client.

Note: Ensure you do not have a network conflict.

[elmoxol]

Hi TinCanTech! thks again... jeje

Yes i did it, i always push home lan route to client. But it does not work.
<push route "10.0.0.0 255.255.255.0">

Lan are different so i supposed there is no conflict, if you mean conflict because of that.

Same Home PC:
LAN 10.0.0.0/24
VPN 10.0.1.0/24 - 10.0.1.1

Work PC:
LAN 172.20.254.0/16
VPN 10.0.1.0/24 - 10.0.1.6

i can ping from home PC Ethernet (10.0.0.1) to server TUN nic (10.0.1.1) and vpn client at work (10.0.1.6)
i can not ping from client at work (10.0.1.6) to home lan ip (10.0.0.1) nor home vpn server (10.0.1.1)
so can not access \\10.0.0.1 nor \\10.0.1.1

if i do it as usual, i mean, push redirect-gateway and DNS (i have home lan ethernet internet connection shared with tun in order to connect to internet through vpn) all is going on perfect (access shares and going to the internet) but i lost internet services at work so i can not do that)
So i commented push redirect-gateway and DNS disabling all traffic through VPN, and now can go to the internet at work normally but can not access shared files at home. WTF!

Thks in advance
Elmo

[TinCanTech]

i can ping from home PC Ethernet (10.0.0.1) to server TUN nic (10.0.1.1) and vpn client at work (10.0.1.6)

OK .. sounds like routing and IP_Forwarding is good ..

i can not ping from client at work (10.0.1.6) to home lan ip (10.0.0.1) nor home vpn server (10.0.1.1)

Sounds like a firewall problem.

If the VPN works in one direction: Home to Work .. but not the other: Work to Home .. I would check your Work and Server firewalls.

[elmoxol]

ok, but its strange so if i get it work redirecting all traffic through VPN why not disabling it (push redirect-gateway)?

I mean, it supposed that push redirect-gateway directive is needed for redirecting all traffic through VPN and it works good if was firewall problem i understand it would not work but it does. ¿?

I have no access to my corporate router/firewall, just mine at home and i tried with and without AV/Firewall, adding static route in my router (default gw) ...
So i do not understand why is working redirecting all traffic but not without doing it.

thks man

[elmoxol]

WoW Im confused ... it works!! ... partially but it does ... I have not done anything!

I just tried again without AV/Firewall just in case and suddenly it work (but i have tried this many times) so i think ...ouch fu** firewall?? not possible... and activate it again and also works! So i very confused because i have not changed anything and now works like a charm ...

But i can access with VPN server ip (10.0.1.1) does not matter but why not to \\10.0.0.1 (lan ip)??

THKS
So happy again, more than past days!

[TinCanTech]

i can access with VPN server ip (10.0.1.1) does not matter but why not to \\10.0.0.1

Steps:

• push the route 10.0.0.0/24
• ensure ip_forwarding is enabled
• check firewalls
• check openvpn logs @ --verb 4 without --mute (client and server) for errors

[elmoxol]

Thanks TinCanTech,

Does not matter. All is done and checked. I do not know why i have to access home with vpn ip and not with lan ip but i can access so, nevermind.

Now im trying to get connected both at the same time, Android client and work PC client ... it is frustrating ... when i connect a second client it receives the same IP than the first one and get disconnected.
i need more and more ... haha

Thank u very much for your time!

[TinCanTech]

See --duplicate-cn in The Manual v23x

[elmoxol]

See --duplicate-cn in The Manual v23x

Not suppose to be unsafe?
Is there a way to do it another way?

thks

just asking...

[TinCanTech]

Read the HOWTO:
Setting up your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients

[elmoxol]

Moderators you can close this topic and marc as solved!

Thks all of you