I have 2 VPSs under Windows 2016; on one I have an OpenVPN server and on the other an OpenVPN client.
Which lines should I add, and to which config, to redirect via the VPN connection only for a list of specific IPs?
There are 4-6 IPs which will be required to be redirected.
Now I have
push "redirect-gateway def1"
and all the traffic is redirected.
Re: How to redirect traffic only for specific IPs?
Posted: Wed Sep 16, 2020 4:08 am
by ecrist
Don't use the push line you mentioned. Use a line like:
Add one of those for all six IPs you wanted routed over the VPN.
Re: How to redirect traffic only for specific IPs?
Posted: Wed Sep 16, 2020 8:05 am
by vadym.bukevych@gmail.com
I have followed your advice, but the problem still persists.
Here are my config files; maybe you can point out where I made a mistake. Still ALL the traffic is redirected via OpenVPN.
Client:
client
port 1194
proto udp
dev tun
dev-node UKServer
dh "C:\\Program Files\\OpenVPN\\ssl\\dh2048.pem"
ca "C:\\Program Files\\OpenVPN\\ssl\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\ssl\\UKserver.crt"
key "C:\\Program Files\\OpenVPN\\ssl\\UKserver.key"
server 172.16.10.0 255.255.255.0
max-clients 32
keepalive 10 120
client-to-client
comp-lzo
persist-key
persist-tun
cipher DES-CBC
status "C:\\Program Files\\OpenVPN\\log\\status.log"
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
Re: How to redirect traffic only for specific IPs?
Posted: Thu Sep 17, 2020 4:13 pm
by 300000
Which IP address do you want to redirect traffic for? And how would you like OpenVPN to behave? You ask a very general question, so people don't know what you want.
Re: How to redirect traffic only for specific IPs?
Posted: Fri Sep 18, 2020 3:34 pm
by ecrist
The push routes don't belong in the client configuration. Those only go in the server logs. Also, you need to have a normal route statement, as well. So your server configuration should resemble something like this:
server.conf
port 1194
proto udp
dev tun
dev-node UKServer
dh "C:\\Program Files\\OpenVPN\\ssl\\dh2048.pem"
ca "C:\\Program Files\\OpenVPN\\ssl\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\ssl\\UKserver.crt"
key "C:\\Program Files\\OpenVPN\\ssl\\UKserver.key"
server 172.16.10.0 255.255.255.0
max-clients 32
keepalive 10 120
client-to-client
comp-lzo
persist-key
persist-tun
cipher DES-CBC
status "C:\\Program Files\\OpenVPN\\log\\status.log"
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
push "route 2.3.4.5 255.255.255.255"
push "route 3.4.5.6 255.255.255.255"
push "route 1.2.3.4 255.255.255.255"
route 2.3.4.5 255.255.255.255
route 3.4.5.6 255.255.255.255
route 1.2.3.4 255.255.255.255
verb 4
mute 20
The "push" statements are what are sent to the VPN clients when they connect. The route statements tell the OpenVPN process what IPs it needs to pass traffic for.
This is not all that needs to be considered, however. The hosts you're routing for (1.2.3.4, 2.3.4.5, and 3.4.5.6 in our example), need to know how to route back to the VPN clients. Either that, or you need to NAT the traffic from the VPN server to those hosts, so they can route back to the VPN server and it can do the translation back to the clients.
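Added example, not part of the original thread or of OpenVPN itself: a Python check that reads the push lines of a server config and reports, by longest-prefix match, which destinations a client would send through the tunnel. The sample configs, the probe addresses and the function names are constructed for illustration; only pushed options are modelled, not directives written directly in the client config.

```python
import ipaddress
import re

# Constructed sample input: the push lines from the server.conf above, and the
# same lines with the original poster's redirect-gateway push left in place.
SPLIT_CONF = '''
push "route 2.3.4.5 255.255.255.255"
push "route 3.4.5.6 255.255.255.255"
push "route 1.2.3.4 255.255.255.255"
'''
FULL_CONF = SPLIT_CONF + 'push "redirect-gateway def1"\n'

# Matches uncommented push "..." lines only.
PUSH_RE = re.compile(r'^[ \t]*push[ \t]+"([^"]+)"', re.MULTILINE)

def pushed_networks(conf):
    """Networks a client will route into the tunnel because of pushed options."""
    nets = []
    for option in PUSH_RE.findall(conf):
        parts = option.split()
        if parts[0] == "route" and len(parts) >= 2:
            # OpenVPN defaults the netmask to 255.255.255.255 when omitted.
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            try:
                nets.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
            except ValueError:
                continue  # hostname or keyword target: not modelled here
        elif parts[0] == "redirect-gateway":
            # def1 installs 0.0.0.0/1 and 128.0.0.0/1, which together beat the
            # client's 0.0.0.0/0 default route; without def1 the default route
            # itself is replaced, so the result for this audit is the same.
            nets += [ipaddress.ip_network("0.0.0.0/1"),
                     ipaddress.ip_network("128.0.0.0/1")]
    return nets

def egress(dest, vpn_nets):
    """Longest-prefix match against the VPN routes plus the local default route."""
    addr = ipaddress.ip_address(dest)
    table = [(net, "vpn") for net in vpn_nets]
    table.append((ipaddress.ip_network("0.0.0.0/0"), "local"))
    matches = [entry for entry in table if addr in entry[0]]
    return max(matches, key=lambda entry: entry[0].prefixlen)[1]

def audit(conf, dests):
    nets = pushed_networks(conf)
    return {dest: egress(dest, nets) for dest in dests}

if __name__ == "__main__":
    probes = ["1.2.3.4", "2.3.4.5", "8.8.8.8", "200.1.1.1"]
    for label, conf in (("split", SPLIT_CONF), ("full", FULL_CONF)):
        print(label, audit(conf, probes))
```

If any probe outside the intended list comes back as "vpn", a redirect-gateway push (or an overly wide route) is still being sent to clients.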