Using OpenVPN only for a part of the network

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
User4567
OpenVpn Newbie
Posts: 2
Joined: Fri Dec 17, 2021 5:52 pm

Using OpenVPN only for a part of the network

Post by User4567 » Fri Dec 17, 2021 6:25 pm

Hi all,

for work i have to connect into a clients VPN,
which i do by using OpenVPN GUI on a Win 10 computer.

Within the clients VPN no connections to the internet are allowed,
but as all of my traffic runs through the VPN i cannot use the internet/check my emails while i am connected to the VPN.

From what i understand adding these lines to the client.ovpn file should route the traffic
that requires VPN into the VPN while allowing me to still use the internet.

Code: Select all

route-nopull
route 10.0.0.0 255.0.0.0
With this approach i cannot resovle hostnames within the VPN,
but directly using the IPs works.

To me (not a network person) this seems like the "route-nopull" option prevents setting the DNS entries
that would be needed to resolve hostnames within the VPN.

Can you please point to me which option i should use instead/additionally?

Also am i correct assuming that this approach does not puncture the clients security i.e. the hosts i connect to within the
clients VPN are still not reachable from the internet?

Thanks in advance

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Using OpenVPN only for a part of the network

Post by TinCanTech » Fri Dec 17, 2021 7:55 pm

Use --pull-filter ignore to ignore certain pushed items. See the manual for --pull-filter

Do not use --route-nopull, it is too heavy handed.

User4567
OpenVpn Newbie
Posts: 2
Joined: Fri Dec 17, 2021 5:52 pm

Re: Using OpenVPN only for a part of the network

Post by User4567 » Mon Dec 20, 2021 10:16 am

Thanks a lot, it seems that this settings do the trick:

Code: Select all

route 10.0.0.0 255.0.0.0
pull-filter ignore "route "
Is there something else i should maybe check on, especially in regard to not punch holes into the clients security?
(Again i am not a network-person, so please state the obvious)

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Using OpenVPN only for a part of the network

Post by TinCanTech » Mon Dec 20, 2021 3:58 pm

Sorry, I do not do other peoples work for them.

If you require professional assistance then I am available for hire.

Post Reply