OpenVPN Policy Based Routing - Route Internet Traffic only to specific IP/user
Posted: Sat Mar 11, 2023 7:49 pm
Hi guys! I've set up OpenVPN on an Asus RT-AC88U with stock firmware, with some custom configuration, and a fixed IP using ccd. The server (has a public IP and is behind NAT) is set to local network only. I want to redirect traffic only for the 10.83.79.99 (static IP) client.
I've been struggling since Monday to route all internet traffic through the client. Please bear with me. The client is on Windows 7 (OpenVPN 2.5.8), public IP, no NAT, only a layer 7 firewall (firewall off or on, same result). I want to do this only from the server side; I don't want to change anything on the client machine.
I read a lot of the OpenVPN reference, and from what I understand I must use either iptables (I don't know how on the Asus stock firmware) or static routes.
Here are screenshots from the router and my configuration:
Settings GUI Asus OpenVPN
Server config:
# Tunnel options
proto udp4
multihome
port 48739
dev tun21
sndbuf 0
rcvbuf 0
keepalive 10 30
up '/etc/openvpn/ovpn-up'
down '/etc/openvpn/ovpn-down'
setenv ovpn_type 0
setenv unit 1
script-security 2
daemon vpnserver1
verb 3
status-version 2
status status 10
compress lzo
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
# Server Mode
server 10.83.79.0 255.255.255.0
duplicate-cn
push "route 192.168.173.0 255.255.255.0 vpn_gateway 500"
# Data Channel Encryption Options
auth SHA224
cipher AES-128-CBC
# TLS Mode Options
ca ca.crt
dh dh.pem
cert server.crt
key server.key
tls-auth static.key 0
# Custom Configuration
--username-as-common-name
--topology subnet
--client-config-dir /jffs/openvpn/server1/ccd
push "dhcp-option DNS 192.168.173.1"
push "dhcp-option DOMAIN RT-AC88U.ac88u.delta"
CCD directory:
# Fixed tunnel address for this client (with --username-as-common-name the ccd file is named after the username)
ifconfig-push 10.83.79.99 255.255.255.0
# Redundant here: the server config already sets --topology subnet
topology subnet
# Tells the server that 192.168.173.0/24 is reachable behind this client
iroute 192.168.173.0 255.255.255.0
# Send all of this client's internet traffic through the tunnel
push "redirect-gateway def1"
# Windows-only client option; it has to be pushed to have any effect on the client
push "block-outside-dns"
I'm using static routes in the router GUI LAN settings. When I redirect traffic, the Windows 7 client has internet for about 10 minutes or less and then no internet (it gives me an error in the network configuration of the local area connection). If I want to make this possible: must I push a route in ccd from 10.83.79.99/24 to the router WAN IP xxx.xxx.xxx.xxx or to the private subnet 192.168.173.1? And this is tricky part 2: I need an outbound rule in the router iptables or static routes, right? I have set up one static route (image above) but don't know whether it is right. Please help.
P.S. I'm sorry if this is in the wrong section.
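For the "outbound rule in the router iptables" part of the question, here is an added example (not from the original post, and not Asus or OpenVPN project code) of the router-side rules that normally go with a per-client `push "redirect-gateway def1"` in a ccd file. The ccd push only tells the client where to send its traffic; the router still has to forward that client's packets to the WAN and source-NAT them, and it can refuse the same for every other tun client. The script takes tun21 and 10.83.79.99 from the post; the WAN interface name eth0, the chain name OVPN_PBR and the existence of a shell on the router where iptables can be run are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: router-side iptables rules that
# let ONE OpenVPN client (the one whose ccd file pushes "redirect-gateway def1")
# reach the internet through the router, while every other tun client is
# blocked from using the WAN. The ccd push is advisory; these rules enforce it.
#
# Values from the post: tun21, 10.83.79.99. Assumptions (not from the post):
# the WAN interface is eth0 (check with `nvram get wan0_ifname` on Asus), the
# chain name OVPN_PBR, and a shell on the router where iptables can be run.

CLIENT_IP="${CLIENT_IP:-10.83.79.99}"
TUN_IF="${TUN_IF:-tun21}"
WAN_IF="${WAN_IF:-eth0}"
CHAIN="OVPN_PBR"

# Reject anything that is not a plain dotted-quad IPv4 address before it is
# spliced into a command line.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the rules instead of running them, so they can be reviewed first.
# Usage: pbr_rules <client_ip> <tun_if> <wan_if>
pbr_rules() {
    client="$1"; tun="$2"; wan="$3"
    is_ipv4 "$client" || { echo "bad client IP: $client" >&2; return 1; }
    cat <<EOF
iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN
iptables -A $CHAIN -i $tun -o $wan -s $client/32 -j ACCEPT
iptables -A $CHAIN -i $wan -o $tun -d $client/32 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A $CHAIN -i $tun -o $wan -j DROP
iptables -C FORWARD -j $CHAIN 2>/dev/null || iptables -I FORWARD 1 -j $CHAIN
iptables -t nat -C POSTROUTING -s $client/32 -o $wan -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -s $client/32 -o $wan -j MASQUERADE
EOF
}

# Apply the rules. Idempotent: the chain is flushed and refilled, and the
# FORWARD jump and the NAT rule are only added when they are missing.
pbr_apply() {
    pbr_rules "$1" "$2" "$3" | sh
}

# Number of printed rules scoped to the client's /32; a quick self-check that
# NAT and forwarding are limited to that one address and not the whole /24.
pbr_rule_count() {
    pbr_rules "$1" "$2" "$3" | grep -c "$1/32"
}

if [ "${1:-}" = "apply" ]; then
    pbr_apply "$CLIENT_IP" "$TUN_IF" "$WAN_IF"
else
    pbr_rules "$CLIENT_IP" "$TUN_IF" "$WAN_IF"
fi
```

Run it without arguments to review the rules, then with `apply` on the router. Traffic from tun21 to the LAN (br0) is untouched because the chain only matches `-o $wan`, so the other clients keep their local-network-only access. The NAT and forward rules are scoped to 10.83.79.99/32 on purpose: with `duplicate-cn` and `--username-as-common-name` the full tunnel is tied to whoever authenticates as that username, not to a certificate, so keep the policy as narrow as the one address rather than the whole 10.83.79.0/24. On Asuswrt-Merlin the script can be called from `/jffs/scripts/nat-start` so it survives a firewall restart; on stock firmware rules added over SSH are lost on reboot. Verify with `iptables -t nat -L POSTROUTING -n -v` and `iptables -L OVPN_PBR -n -v`, and from the client by checking that its visible public IP is the router's WAN address. The example does not handle IPv6.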