Route Specific Subnet Through OpenVPN

Recently a customer sent me an .ovpn file to connect to a server, which is on a private network.

When I connect to the VPN, all my internet traffic gets routed via the VPN. I only want traffic to the server to get routed through the VPN.

The .ovpn file had the following content:

dev tun
persist-tun
persist-key
data-ciphers AES-256-CFB8:AES-128-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote 12.15.1.112 9411 udp4
nobind
verify-x509-name "colmed-oci" name
pkcs12 sok.p12
tls-auth sok-tls.key 1
remote-cert-tls server
explicit-exit-notify

To configure the OpenVPN client to route only specific traffic (e.g., 10.20.60.0/24) through the VPN while the rest of the traffic keeps using your regular internet connection, edit the .ovpn file and add the following two lines to it:

route 10.20.60.0 255.255.255.0
pull-filter ignore "redirect-gateway"

The first line tells the VPN client to route traffic destined for 10.20.60.0/24 through the VPN. No gateway is given, so OpenVPN uses the VPN gateway address it learns from the server when the tunnel comes up (the "via 10.80.30.1" in the output below).

The second directive tells the client to ignore the redirect-gateway option if the server pushes it; that option is what sends all traffic through the VPN. Note that only this one pushed option is dropped: other options the server pushes (additional routes, DNS servers) are still applied. If you want the client to ignore everything the server pushes, use route-nopull instead and add every route you need yourself.

Verify Route

To verify the route after connecting, use the command

ip route

You will see entries like the following:

boby@sok-01:~$ ip route | grep "10.20.60"
10.20.60.0/29 via 10.80.30.1 dev tun0 
10.20.60.0/24 via 10.80.30.1 dev tun0 
boby@sok-01:~$ 

The /24 entry comes from the route directive added above; the /29 entry is a route pushed by the server, which is still accepted. Also check that the default route is untouched: if redirect-gateway had been applied, ip route would show 0.0.0.0/1 and 128.0.0.0/1 via tun0 (for "redirect-gateway def1") or a default route via tun0.
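The check above can be scripted so it is not left to eyeballing. The script below is an added example, not part of the original post or of OpenVPN itself: it takes the text of ip route (live, or a sample) and succeeds only when the wanted subnet is routed over the tunnel device and no catch-all route (default, 0.0.0.0/1, 128.0.0.0/1) goes over it. The device name tun0, the subnet 10.20.60.0/24 and the sample routing tables are assumptions; the samples are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the original post): verify that the tunnel carries
# only the intended subnet. The routing table is passed in as text so the same
# function can be run against live `ip route` output or against a sample.

# check_split_tunnel ROUTES_TEXT TUN_DEV SUBNET
#   exit 0 when SUBNET is routed over TUN_DEV and no catch-all route
#   (default, 0.0.0.0/1, 128.0.0.0/1) goes over TUN_DEV; exit 1 otherwise.
check_split_tunnel() {
    _routes=$1
    _dev=$2
    _subnet=$3
    # Escape the dots so they match literally in grep -E.
    _pat=$(printf '%s' "$_subnet" | sed 's/\./\\./g')

    # 1. The route added by the "route" directive must be present on the tunnel.
    if ! printf '%s\n' "$_routes" | grep -E "^${_pat} .*dev ${_dev}( |\$)" >/dev/null; then
        echo "FAIL: no route for ${_subnet} via ${_dev}" >&2
        return 1
    fi

    # 2. "redirect-gateway def1" installs 0.0.0.0/1 and 128.0.0.0/1 over the
    #    tunnel; plain "redirect-gateway" replaces the default route instead.
    #    Either form means all traffic still leaves through the VPN, i.e. the
    #    pull-filter did not take effect.
    if printf '%s\n' "$_routes" | grep -E "^(default|0\.0\.0\.0/1|128\.0\.0\.0/1) .*dev ${_dev}( |\$)" >/dev/null; then
        echo "FAIL: catch-all route via ${_dev}; traffic is still full-tunnel" >&2
        return 1
    fi
    return 0
}

# Constructed sample tables (assumed addresses, not captured from a real host).
# Split tunnel as intended: only 10.20.60.0/24 (plus the tunnel's own link
# network) goes through tun0; the default route stays on eth0.
SAMPLE_SPLIT='default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.20.60.0/24 via 10.80.30.1 dev tun0
10.80.30.0/24 dev tun0 proto kernel scope link src 10.80.30.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

# Full tunnel: the server-pushed "redirect-gateway def1" was accepted.
SAMPLE_FULL='0.0.0.0/1 via 10.80.30.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.20.60.0/24 via 10.80.30.1 dev tun0
10.80.30.0/24 dev tun0 proto kernel scope link src 10.80.30.2
128.0.0.0/1 via 10.80.30.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

# Usage: sh check_split_tunnel.sh live [tun_dev] [subnet]  -> checks this host
#        sh check_split_tunnel.sh                           -> runs the samples
if [ "${1:-}" = "live" ]; then
    check_split_tunnel "$(ip route)" "${2:-tun0}" "${3:-10.20.60.0/24}" && echo "OK: split tunnel"
else
    check_split_tunnel "$SAMPLE_SPLIT" tun0 10.20.60.0/24 && echo "sample split: OK"
    check_split_tunnel "$SAMPLE_FULL" tun0 10.20.60.0/24 || echo "sample full: full tunnel detected (expected)"
fi
```

Run it with the live argument right after the VPN comes up; a non-zero exit means either the route directive did not take effect or the server's redirect-gateway was applied anyway, and the message on stderr says which.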

