OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Only want 1 ip client to pass through VPN

https://forums.openvpn.net/viewtopic.php?t=37014

Page 1 of 1

Only want 1 ip client to pass through VPN

Posted: Sat Sep 23, 2023 1:53 am
by saridd
I have recently installed Asus RT-AX53U router and set up the VPN. All traffic goes through the VPN and everything is functioning as expected.

I would like to change the traffic flow and only have 1 specific ip address go through the VPN and all other devices/clients on the network to go directly through internet and bypass VPN.

I have done some research and experimented with changing the OpenVPN client settings file but need some help.

This is the ip address I want to do through the VPN 192.168.20.9

All ip addresses belong to the same subnet 255.255.255.0

OpenVPN client settings

Code: Select all

ev tun
fast-io
persist-key
persist-tun
nobind
remote australia-brisbane-ca-version-2.expressnetw.com 1195

remote-random
pull
comp-lzo no
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2 
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
cipher AES-256-GCM
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass
Asus RT-AX53U Route Table

Code: Select all

Destination     Gateway         Genmask         Flags    Metric Ref    Use Type Iface
0.0.0.0         10.187.0.17     128.0.0.0       UG       0      0        0      tun15
default         100.65.128.1    0.0.0.0         UG       0      0        0 WAN0 vlan10
10.8.0.0        10.8.0.2        255.255.255.0   UG       0      0        0      tun21
10.8.0.2        *               255.255.255.255 UH       0      0        0      tun21
10.187.0.1      10.187.0.17     255.255.255.255 UGH      0      0        0      tun15
10.187.0.17     *               255.255.255.255 UH       0      0        0      tun15
14.1.33.1       100.65.128.1    255.255.255.255 UGH      1      0        0 WAN0 vlan10
14.1.33.20      100.65.128.1    255.255.255.255 UGH      1      0        0 WAN0 vlan10
85.237.90.220   100.65.128.1    255.255.255.255 UGH      0      0        0 WAN0 vlan10
100.65.128.0    *               255.255.192.0   U        0      0        0 WAN0 vlan10
100.65.128.1    *               255.255.255.255 UH       0      0        0 WAN0 vlan10
128.0.0.0       10.187.0.17     128.0.0.0       UG       0      0        0      tun15
192.168.20.0    *               255.255.255.0   U        0      0        0 LAN  br0
239.255.255.250 *               255.255.255.255 UH       0      0        0 LAN  br0
If I put these lines in the client config file

Code: Select all

route-nopull
route 192.168.20.9 255.255.255.255
All the clients bypass the VPN and work as expected however 198.168.20.9 can't find the server. Here is the Routing table for the router after making the updates.

Code: Select all

Destination     Gateway         Genmask         Flags    Metric Ref    Use Type Iface
default         100.65.128.1    0.0.0.0         UG       0      0        0 WAN0 vlan10
10.8.0.0        10.8.0.2        255.255.255.0   UG       0      0        0      tun21
10.8.0.2        *               255.255.255.255 UH       0      0        0      tun21
10.55.0.161     *               255.255.255.255 UH       0      0        0      tun14
14.1.33.1       100.65.128.1    255.255.255.255 UGH      1      0        0 WAN0 vlan10
14.1.33.20      100.65.128.1    255.255.255.255 UGH      1      0        0 WAN0 vlan10
100.65.128.0    *               255.255.192.0   U        0      0        0 WAN0 vlan10
100.65.128.1    *               255.255.255.255 UH       0      0        0 WAN0 vlan10
192.168.20.0    *               255.255.255.0   U        0      0        0 LAN  br0
192.168.20.9    10.55.0.161     255.255.255.255 UGH      0      0        0      tun14
239.255.255.250 *               255.255.255.255 UH       0      0        0 LAN  br0

Re: Only want 1 ip client to pass through VPN

Posted: Sun Sep 24, 2023 6:26 am
by RoutingOnEmpty
I am a complete novice, but I believe that route-nopull may have prevented your VPN provider's IP address from being assigned to the net_gateway. In the first table above, there is an route for 85.237.90.220 to the net_gateway, and this is missing from the second table. I didn't find anything on this IP with reverse IP lookup. It might be fixed if you add a command for that specific IP to the net_gateway, but I suspect that if that's your VPN provider, you may get a different IP from them each time you make a connection. I hope someone with more actual knowledge will chime in here.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/