First, happy Christmas to you all!
I started learning about OpenVPN (there is so much to learn…) and set up my first VPN with one server (Debian) and two clients (Windows 11).
Everything works fine, the traffic is routed through the VPN and I can ping the VPN-IPs.
My goal is to be able to do remote support via (Ultra)VNC over the VPN, so I can connect from one client to another client via its VPN-IP - this also already works, a great first success for me.
Now I have another requirement:
I want all traffic of the clients NOT to be routed through the VPN (like opening a website, reading emails or downloading a file), but only the VNC connection for remote support. Or in other words, I want to connect from VPN-client A to VPN-client B via VNC using the VPN-IP of B. But all other traffic should be normal, without VPN.
Please, see my configurations and the OpenVPN version below.
I tried to read about that but I’m afraid I’m stuck here. My first attempt was removing the line
push "redirect-gateway def1"
It would be great if someone with more experience than me could give me a hint how to do it.
If I can give you any more information, please just say so.
Thanks a lot for your help!
My server config:
Server Config
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/localhost_2857d71f-6c56-4b41-1232-8d1975830b15.crt
key /etc/openvpn/easy-rsa/pki/private/localhost_2857d71f-6c56-4b41-1232-8d1975830b15.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.255.107.0 255.255.255.0
push "dhcp-option DNS 9.9.9.9"
push "dhcp-option DNS 149.112.112.112"
push "block-outside-dns"
push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
OpenVPN version
OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
library versions: OpenSSL 3.0.11 19 Sep 2023, LZO 2.10
Kind regards,
Ben
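
Added example, not part of the original post: a small Python check that lists which pushed directives in an OpenVPN server config steer client routing or DNS into the tunnel, run on a constructed excerpt of the config above. The function name `audit` and the directive descriptions are this example's own.

```python
import ipaddress

# Pushed options that steer client routing or DNS into the tunnel.
TUNNEL_STEERING_PUSHES = {
    "redirect-gateway": "replaces the client's default route with the VPN",
    "block-outside-dns": "Windows clients block DNS on non-VPN adapters",
    "dhcp-option": "sets a DNS/DHCP option on the client's VPN adapter",
}

# Constructed sample: the routing-related lines of the server config in the post.
SAMPLE_CONFIG = """\
topology subnet
server 10.255.107.0 255.255.255.0
push "dhcp-option DNS 9.9.9.9"
push "dhcp-option DNS 149.112.112.112"
push "block-outside-dns"
push "redirect-gateway def1"
client-to-client
"""


def audit(config_text):
    """Return (vpn_subnet, client_to_client, findings) for a server config."""
    subnet, c2c, findings = None, False, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or config comment
            continue
        parts = line.split(None, 1)
        directive = parts[0]
        arg = parts[1] if len(parts) > 1 else ""
        if directive == "server":            # server <network> <netmask>
            net, mask = arg.split()[:2]
            subnet = ipaddress.ip_network(f"{net}/{mask}")
        elif directive == "client-to-client":
            c2c = True
        elif directive == "push":
            pushed = arg.strip().strip('"')
            option = pushed.split()[0]
            if option in TUNNEL_STEERING_PUSHES:
                findings.append((pushed, TUNNEL_STEERING_PUSHES[option]))
    return subnet, c2c, findings


if __name__ == "__main__":
    subnet, c2c, findings = audit(SAMPLE_CONFIG)
    print(f"VPN subnet: {subnet}, client-to-client: {c2c}")
    for pushed, why in findings:
        print(f'  push "{pushed}": {why}')
```

An empty findings list with `server` and `client-to-client` still present corresponds to the setup the post asks for: only the VPN subnet is routed through the tunnel.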