How to redirect traffic only for specific IPs?

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
vadym.bukevych@gmail.com
OpenVpn Newbie
Posts: 3
Joined: Tue Jun 16, 2020 8:18 am

How to redirect traffic only for specific IPs?

Post by vadym.bukevych@gmail.com » Tue Sep 15, 2020 2:21 pm

Hi

I have 2 VPSs under Windows2016, one one i have openVPN server and on the other OpenVPN client

which lines to add and on which config to redirect cia vpn connection only for list of specific IPs?
there are 4-6 IPs which will be required to be redirected
now i have

push "redirect-gateway def1"

and all the traffic is redirected.

User avatar
ecrist
Forum Team
Posts: 237
Joined: Wed Nov 26, 2008 10:33 pm
Location: Northern Minnesota, USA
Contact:

Re: How to redirect traffic only for specific IPs?

Post by ecrist » Wed Sep 16, 2020 4:08 am

Don't use the push line you mentioned. Use a line like:

Code: Select all

push "route 1.2.3.4 255.255.255.255"
Add one of those for all six IPs you wanted routed over the VPN.
OpenVPN Community Administrator
IRC: #openvpn, #openvpn-devel
Co-Author of Mastering OpenVPN
Author of Troubleshooting OpenVPN

vadym.bukevych@gmail.com
OpenVpn Newbie
Posts: 3
Joined: Tue Jun 16, 2020 8:18 am

Re: How to redirect traffic only for specific IPs?

Post by vadym.bukevych@gmail.com » Wed Sep 16, 2020 8:05 am

I have followed your advice, but the problem still persists.
Here are my config files, maybe you can point me out where i did make mistake, still ALL the traffic is redirected via OpenVPN

Client:
client


port 1194
proto udp
dev tun
dev-node UKServer
dh "C:\\Program Files\\OpenVPN\\ssl\\dh2048.pem"
ca "C:\\Program Files\\OpenVPN\\ssl\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\ssl\\UKserver.crt"
key "C:\\Program Files\\OpenVPN\\ssl\\UKserver.key"
server 172.16.10.0 255.255.255.0
max-clients 32
keepalive 10 120
client-to-client
comp-lzo
persist-key
persist-tun
cipher DES-CBC
status "C:\\Program Files\\OpenVPN\\log\\status.log"
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log

push "route 1.2.3.4 255.255.255.255"
push "route 1.2.3.4255.255.255.255"
push "route 1.2.3.4 255.255.255.255"

verb 4
mute 20


Server
server

port 1194
proto udp
dev tun
dev-node UKServer
dh "C:\\Program Files\\OpenVPN\\ssl\\dh2048.pem"
ca "C:\\Program Files\\OpenVPN\\ssl\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\ssl\\UKserver.crt"
key "C:\\Program Files\\OpenVPN\\ssl\\UKserver.key"
server 172.16.10.0 255.255.255.0
max-clients 32
keepalive 10 120
client-to-client
comp-lzo
persist-key
persist-tun
cipher DES-CBC
status "C:\\Program Files\\OpenVPN\\log\\status.log"
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log"


push "route 1.2.3.4 255.255.255.255"
push "route 1.2.3.4 255.255.255.255"
push "route 1.2.3.4 255.255.255.255"




verb 4
mute 20
[/oconf

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: How to redirect traffic only for specific IPs?

Post by 300000 » Thu Sep 17, 2020 4:13 pm

Which ip address do you want to redirect traffic ? and how you you like openvpn behavior ? you ask a very genera question so people dont know what you want.

User avatar
ecrist
Forum Team
Posts: 237
Joined: Wed Nov 26, 2008 10:33 pm
Location: Northern Minnesota, USA
Contact:

Re: How to redirect traffic only for specific IPs?

Post by ecrist » Fri Sep 18, 2020 3:34 pm

The push routes don't belong in the client configuration. Those only go in the server logs. Also, you need to have a normal route statement, as well. So your server configuration should resemble something like this:

server.conf
port 1194
proto udp
dev tun
dev-node UKServer
dh "C:\\Program Files\\OpenVPN\\ssl\\dh2048.pem"
ca "C:\\Program Files\\OpenVPN\\ssl\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\ssl\\UKserver.crt"
key "C:\\Program Files\\OpenVPN\\ssl\\UKserver.key"
server 172.16.10.0 255.255.255.0 10max-clients 32
keepalive 10 120
client-to-client
comp-lzo
persist-key
persist-tun
cipher DES-CBC
status "C:\\Program Files\\OpenVPN\\log\\status.log"
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
push "route 2.3.4.5 255.255.255.255"
push "route 3.4.5.6 255.255.255.255"
push "route 1.2.3.4 255.255.255.255"
route 2.3.4.5 255.255.255.255
route 3.4.5.6 255.255.255.255
route 1.2.3.4 255.255.255.255
verb 4
mute 20


The "push" statements are what are sent to the VPN clients when they connect. The route statements tell the OpenVPN process what IPs it needs to pass traffic for.

This is not all that needs to be considered, however. The hosts you're routing for (1.2.3.4, 2.3.4.5, and 3.4.5.6 in our example), need to know how to route back to the VPN clients. Either that, or you need to NAT the traffic from the VPN server to those hosts, so they can route back to the VPN server and it can do the translation back to the clients.
OpenVPN Community Administrator
IRC: #openvpn, #openvpn-devel
Co-Author of Mastering OpenVPN
Author of Troubleshooting OpenVPN

Post Reply