Access to local lan where a client connected from?

Post Reply
OpenVpn Newbie
Posts: 1
Joined: Mon Jul 17, 2017 12:36 am

Access to local lan where a client connected from?

Post by large » Mon Jul 17, 2017 12:51 am


I am sorry if this question has been answered before.
But I cannot find an easy answer to this and I'm currently learning OpenVPN.
I want the clients to be able to connect to their own network while connected to the VPN.

All my clients wants to route all their traffic over the ip, that works fine with the "Should client Internet traffic be routed through the VPN?" option.

1. Server is running on a public ip, lets call it (server is behind a NAT and portforwarded)
2. Server local ip is
3. Clients are connected from a network with ip 192.168.10.x
4. An access rule for the works as expected (clients reaches units on the 192.168.0.x network)

Usually the clients are android units, so I use the OpenVPN connect app.
But here is the problem; after the connection is made the clients looses connection to the 192.168.10.x network (where they connected from).
I want that to be excluded from the routing, how is that possible?

After searching I found this little piece of solution

Code: Select all

route net_gateway
redirect-gateway def1
But I cannot find a way to enter this into the AS setup, nor any "exclude these networks" option.
If you can guide me in the right direction, I would be glad :)

OpenVPN User
Posts: 16
Joined: Thu Mar 28, 2013 8:31 am

Re: Access to local lan where a client connected from?

Post by chilinux » Tue Jul 18, 2017 12:48 am

Possibly this can be added under:

-> Advanced VPN Settings
-> Additional OpenVPN Config Directives (Advanced)
-> Client Config Directives

I think you can then add parameters you want to push to the client in that text box.

Otherwise you could try moving your servers to a different (less frequently used) RFC 1918 address space such as or It should be noted that 192.168.0.x/24 is popular among several consumer brand wifi access points.

An even better solution would be if you could switch your own network to IPv6 space assigned to you by a RIR as that should never clash. Keep in mind that OpenVPN can route IPv6 over IPv4 so even if the client's own ISP doesn't support IPv6, OpenVPN will still be able to assign an IPv6 address inside the tunnel and the client will be able to reach IPv6 addressed servers through the tunnel.

Post Reply