OpenVPN Policy Based Routing - Route Internet Traffic only to specific IP/user


Moderators: TinCanTech

l0s3_r3al1ty
OpenVpn Newbie
Posts: 1
Joined: Sat Mar 11, 2023 7:31 pm

Post by l0s3_r3al1ty » Sat Mar 11, 2023 7:49 pm

Hi guys! I've set up OpenVPN on an asus-rtac88u with stock firmware, with some custom configuration, and a fixed IP using ccd. The server (has a public IP and is behind NAT) is set to local network only. I want to redirect traffic only for the 10.83.79.99 (static IP) client.
I've been struggling since Monday to route all internet traffic through the client. Please bear with me. The client is on Windows 7 (openvpn 2.5.8) (public IP), no NAT, only a layer 7 firewall (firewall off/on, same result). I want to do this only from the server side; I don't want to change anything on the client machine.
Here are screenshots from the router and my configuration:
[Screenshot: Asus OpenVPN settings GUI]

Server config:

# Tunnel options
proto udp4
multihome
port 48739
dev tun21
sndbuf 0
rcvbuf 0
keepalive 10 30
up '/etc/openvpn/ovpn-up'
down '/etc/openvpn/ovpn-down'
setenv ovpn_type 0
setenv unit 1
script-security 2
daemon vpnserver1
verb 3
status-version 2
status status 10
compress lzo
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn

# Server Mode
server 10.83.79.0 255.255.255.0
duplicate-cn
push "route 192.168.173.0 255.255.255.0 vpn_gateway 500"

# Data Channel Encryption Options
auth SHA224
cipher AES-128-CBC

# TLS Mode Options
ca ca.crt
dh dh.pem
cert server.crt
key server.key
tls-auth static.key 0

# Custom Configuration
--username-as-common-name
--topology subnet
--client-config-dir /jffs/openvpn/server1/ccd
push "dhcp-option DNS 192.168.173.1"
push "dhcp-option DOMAIN RT-AC88U.ac88u.delta"

CCD directory:

ifconfig-push 10.83.79.99 255.255.255.0
topology subnet
iroute 192.168.173.0 255.255.255.0
push "redirect-gateway def1"
block-outside-dns

I read a lot of the OpenVPN reference, and from what I understand I must use either iptables (I don't know how on the Asus stock firmware) or static routes.
I'm using static routes in the router GUI LAN settings. When I redirect traffic, the Windows 7 client has internet for about 10 minutes or less and then no internet (it gives me an error in the network configuration of the local area connection). If I want to make this possible: must I push a route in the ccd from 10.83.79.99/24 to the router WAN IP xxx.xxx.xxx.xxx or to the private subnet 192.168.173.1? And this is the tricky part 2: I need an outbound rule in the router iptables or static routes, right? I have set up one static route (image above) but don't know if it is right. Please help.
P.S. I'm sorry if it's in the wrong section.
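
Added example, not part of the original post or of the router firmware: a POSIX shell script that generates the per-client ccd file and the iptables rules needed for "policy based routing" as described above, where only the one client (10.83.79.99 on tun21) has its Internet traffic redirected and NATed by the server, while every other tunnel client stays LAN-only. The WAN interface name eth0 and the assumption that this runs on the router itself are mine.

```shell
#!/bin/sh
# Per-client redirect for one OpenVPN client (example, not the poster's config).
# Values from the post: client 10.83.79.99, tun device tun21.
# Assumption: the router's WAN interface is eth0 (change WAN_DEV to match).
CLIENT_IP="10.83.79.99"
TUN_DEV="tun21"
WAN_DEV="eth0"

# ccd file body for the single client that should get the default route.
# block-outside-dns is a Windows client option, so it must be *pushed*;
# in the server-side ccd it is otherwise just an unrecognised option.
ccd_body() {
  printf 'ifconfig-push %s 255.255.255.0\n' "$1"
  printf 'push "redirect-gateway def1"\n'
  printf 'push "block-outside-dns"\n'
}

# iptables rules that NAT and forward only the redirected client (/32):
#  1. source NAT for that client leaving via the WAN interface
#  2. allow its new connections tun -> WAN
#  3. allow replies WAN -> tun for established flows
#  4. everything else from the tunnel towards the WAN is dropped, so
#     other clients keep the "local network only" behaviour.
pbr_rules() {
  client="$1"; tun="$2"; wan="$3"
  printf 'iptables -t nat -A POSTROUTING -s %s/32 -o %s -j MASQUERADE\n' "$client" "$wan"
  printf 'iptables -A FORWARD -i %s -s %s/32 -o %s -j ACCEPT\n' "$tun" "$client" "$wan"
  printf 'iptables -A FORWARD -i %s -o %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n' "$wan" "$tun"
  printf 'iptables -A FORWARD -i %s -o %s -j DROP\n' "$tun" "$wan"
}

# Number of rules emitted; handy for a quick sanity check before applying.
rule_count() {
  pbr_rules "$@" | wc -l | tr -d ' '
}

# Dry run by default: print what would be written/applied.
echo "# ccd/<client-common-name>:"
ccd_body "$CLIENT_IP"
echo "# firewall rules (run as root on the router):"
pbr_rules "$CLIENT_IP" "$TUN_DEV" "$WAN_DEV"

# Set APPLY_RULES=1 to actually execute the rules (requires root and iptables).
if [ "${APPLY_RULES:-0}" = "1" ]; then
  pbr_rules "$CLIENT_IP" "$TUN_DEV" "$WAN_DEV" | sh
fi
```

Run it once without APPLY_RULES to review the output, then `APPLY_RULES=1 sh script.sh` on the router; the rules are not persistent across reboots, so they belong in a firewall-start script.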
