How to redirect traffic only for specific IPs?

[vadym.bukevych@gmail.com]

Hi

I have 2 VPSs under Windows2016, one one i have openVPN server and on the other OpenVPN client

which lines to add and on which config to redirect cia vpn connection only for list of specific IPs?
there are 4-6 IPs which will be required to be redirected
now i have

push "redirect-gateway def1"

and all the traffic is redirected.

[ecrist]

Don't use the push line you mentioned. Use a line like:

Code: Select all

push "route 1.2.3.4 255.255.255.255"

Add one of those for all six IPs you wanted routed over the VPN.

[vadym.bukevych@gmail.com]

I have followed your advice, but the problem still persists.
Here are my config files, maybe you can point me out where i did make mistake, still ALL the traffic is redirected via OpenVPN

Client:

View Originalclient

port 1194
proto udp
dev tun
dev-node UKServer
dh "C:\\Program Files\\OpenVPN\\ssl\\dh2048.pem"
ca "C:\\Program Files\\OpenVPN\\ssl\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\ssl\\UKserver.crt"
key "C:\\Program Files\\OpenVPN\\ssl\\UKserver.key"
server 172.16.10.0 255.255.255.0
max-clients 32
keepalive 10 120
client-to-client
comp-lzo
persist-key
persist-tun
cipher DES-CBC
status "C:\\Program Files\\OpenVPN\\log\\status.log"
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log

push "route 1.2.3.4 255.255.255.255"
push "route 1.2.3.4255.255.255.255"
push "route 1.2.3.4 255.255.255.255"

verb 4
mute 20

Server

View Originalserver

port 1194
proto udp
dev tun
dev-node UKServer
dh "C:\\Program Files\\OpenVPN\\ssl\\dh2048.pem"
ca "C:\\Program Files\\OpenVPN\\ssl\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\ssl\\UKserver.crt"
key "C:\\Program Files\\OpenVPN\\ssl\\UKserver.key"
server 172.16.10.0 255.255.255.0
max-clients 32
keepalive 10 120
client-to-client
comp-lzo
persist-key
persist-tun
cipher DES-CBC
status "C:\\Program Files\\OpenVPN\\log\\status.log"
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log"


push "route 1.2.3.4 255.255.255.255"
push "route 1.2.3.4 255.255.255.255"
push "route 1.2.3.4 255.255.255.255"




verb 4
mute 20
[/oconf

[300000]

Which ip address do you want to redirect traffic ? and how you you like openvpn behavior ? you ask a very genera question so people dont know what you want.

[ecrist]

The push routes don't belong in the client configuration. Those only go in the server logs. Also, you need to have a normal route statement, as well. So your server configuration should resemble something like this:

View Originalserver.conf

port 1194
proto udp
dev tun
dev-node UKServer
dh "C:\\Program Files\\OpenVPN\\ssl\\dh2048.pem"
ca "C:\\Program Files\\OpenVPN\\ssl\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\ssl\\UKserver.crt"
key "C:\\Program Files\\OpenVPN\\ssl\\UKserver.key"
server 172.16.10.0 255.255.255.0 10max-clients 32
keepalive 10 120
client-to-client
comp-lzo
persist-key
persist-tun
cipher DES-CBC
status "C:\\Program Files\\OpenVPN\\log\\status.log"
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
push "route 2.3.4.5 255.255.255.255"
push "route 3.4.5.6 255.255.255.255"
push "route 1.2.3.4 255.255.255.255"
route 2.3.4.5 255.255.255.255
route 3.4.5.6 255.255.255.255
route 1.2.3.4 255.255.255.255
verb 4
mute 20

The "push" statements are what are sent to the VPN clients when they connect. The route statements tell the OpenVPN process what IPs it needs to pass traffic for.

This is not all that needs to be considered, however. The hosts you're routing for (1.2.3.4, 2.3.4.5, and 3.4.5.6 in our example), need to know how to route back to the VPN clients. Either that, or you need to NAT the traffic from the VPN server to those hosts, so they can route back to the VPN server and it can do the translation back to the clients.