Tag: openvpn

  • Route Specific Subnet Through OpenVPN

    Recently a customer sent an ovpn file to connect to a server, which is on a private network.

    When I connect to the VPN, all my internet traffic gets routed via the VPN. I only want traffic to the server to be routed through the VPN.

    The .ovpn file had the following content:

    dev tun
    persist-tun
    persist-key
    data-ciphers AES-256-CFB8:AES-128-GCM:AES-256-CBC
    data-ciphers-fallback AES-256-CBC
    auth SHA256
    tls-client
    client
    resolv-retry infinite
    remote 12.15.1.112 9411 udp4
    nobind
    verify-x509-name "colmed-oci" name
    pkcs12 sok.p12
    tls-auth sok-tls.key 1
    remote-cert-tls server
    explicit-exit-notify

    To configure the OpenVPN client to route only specific traffic (e.g., 10.20.60.0/24) through the VPN while leaving the rest of the traffic on your regular internet connection, edit the .ovpn file and add the following to it.

    route 10.20.60.0 255.255.255.0
    pull-filter ignore "redirect-gateway"

    The first line tells the VPN client to route traffic destined for 10.20.60.0/24 through the VPN.

    The second directive makes the OpenVPN client ignore a redirect-gateway option pushed by the server, which would otherwise send all traffic through the VPN.

    Verify Route

    To verify the route, use the command

    ip route

    You will see an entry like the following

    boby@sok-01:~$ ip route | grep "10.20.60"
    10.20.60.0/29 via 10.80.30.1 dev tun0 
    10.20.60.0/24 via 10.80.30.1 dev tun0 
    boby@sok-01:~$ 
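
As an added example (not part of the original post), this shell function classifies `ip route` output as full-tunnel or split-tunnel, which confirms that `pull-filter ignore "redirect-gateway"` took effect. It assumes the tunnel device is tun0 as in the output above; the sample routing tables, including the 192.168.1.x LAN addresses, are constructed. It also checks for the 0.0.0.0/1 and 128.0.0.0/1 routes that `redirect-gateway def1` installs instead of replacing the default route.

```shell
#!/bin/sh
# Added example: decide whether a Linux routing table is split- or full-tunnel.
TUN_DEV="tun0"           # tunnel device, as in the page's output
SUBNET="10.20.60.0/24"   # subnet that should go through the VPN

# Reads `ip route` output on stdin and prints one of:
#   full-tunnel   default (or def1 half-default) route points at the tunnel
#   split-tunnel  only the chosen subnet is routed via the tunnel
#   no-vpn-route  the chosen subnet is not routed via the tunnel
classify_routes() {
    awk -v dev="$TUN_DEV" -v net="$SUBNET" '
        {
            on_tun = 0
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) == dev) on_tun = 1
            if (!on_tun) next
            if ($1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") full = 1
            if ($1 == net) subnet = 1
        }
        END {
            if (full) print "full-tunnel"
            else if (subnet) print "split-tunnel"
            else print "no-vpn-route"
        }'
}

# Constructed sample: redirect-gateway ignored, only the subnet uses tun0.
sample_split() { cat <<'EOF'
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.20.60.0/24 via 10.80.30.1 dev tun0
10.80.30.0/24 dev tun0 proto kernel scope link src 10.80.30.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
EOF
}

# Constructed sample: redirect-gateway def1 honoured, all traffic uses tun0.
sample_full() { cat <<'EOF'
0.0.0.0/1 via 10.80.30.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.20.60.0/24 via 10.80.30.1 dev tun0
128.0.0.0/1 via 10.80.30.1 dev tun0
EOF
}

echo "split sample: $(sample_split | classify_routes)"
echo "full sample:  $(sample_full | classify_routes)"
# On a connected client: ip route | classify_routes
```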

  • Install OpenVPN Access Server

    OpenVPN Access Server is the paid version of OpenVPN with an easy-to-use control panel. You can see license pricing at

    https://openvpn.net/access-server/pricing/

    The first 2 users/devices are free to use. To install, download the software from

    https://openvpn.net/download-open-vpn/

    On this page, you will see downloads for various operating systems.

    Install on CentOS 7

    To install on CentOS 7, run

    wget https://openvpn.net/downloads/openvpn-as-latest-CentOS7.x86_64.rpm
    rpm -ivh openvpn-as-latest-CentOS7.x86_64.rpm
    

    Example

    [root@localhost ~]# rpm -ivh openvpn-as-latest-CentOS7.x86_64.rpm 
    Preparing...                          ################################# [100%]
    Updating / installing...
       1:openvpn-as-0:2.7.4_777bcfe6-CentO################################# [100%]
    
    The Access Server has been successfully installed in /usr/local/openvpn_as
    Configuration log file has been written to /usr/local/openvpn_as/init.log
    
    Please enter "passwd openvpn" to set the initial
    administrative password, then login as "openvpn" to continue
    configuration here: https://158.69.103.158:943/admin
    
    To reconfigure manually, use the /usr/local/openvpn_as/bin/ovpn-init tool.
    
    +++++++++++++++++++++++++++++++++++++++++++++++
    Access Server Web UIs are available here:
    Admin  UI: https://158.69.103.158:943/admin
    Client UI: https://158.69.103.158:943/
    +++++++++++++++++++++++++++++++++++++++++++++++
    
    Beginning with OpenVPN AS 2.6.0 compression is disabled by default and on upgrades as security patch.
    [root@localhost ~]# 
    

    As the installer output says, set the password for the system user “openvpn” with passwd openvpn, then log in as that user to access the OpenVPN control panel.

    Install on Debian 9

    apt install -y net-tools
    wget https://openvpn.net/downloads/openvpn-as-latest-debian9.amd_64.deb
    dpkg -i openvpn-as-latest-debian9.amd_64.deb
    

    You need to open the following ports on the firewall for OpenVPN to work.

    443/tcp
    943/tcp
    1194/udp
    
