Netgate Discussion Forum
    Access only specific sites through OVPN
    • paulheu

      Hi, and apologies if this has been asked before (it probably has), but there is so much information here.. ;)

      I successfully set up OpenVPN but really only need it for a few specific websites. I'd prefer to let normal traffic go through the normal WAN gateway and only use the VPN for those few sites. I am guessing I need to set up NAT rules to use the gateway I need, but could use a bit of help. I'll be happy to puzzle it together if I could get some pointers..

      Oh, would it be correct to assume that if I needed, say, a VPN to a Dutch gateway for some sites and a US gateway for others, I would just set up two clients with two interfaces and the appropriate routing and gateways?

      I think I get the basic idea, but would appreciate some help in figuring this all out..

      thanks!
      Paul

      • paulheu

        I've been fiddling around with this a bit and found out how I can basically make a connection using VPN or WAN. Now I need to create rules so that two IP ranges where the IP address starts with either 145.85.x.x or 77.72.x.x are routed through the VPN.

        I tried setting up a rule in firewall LAN as:

        Proto     Source   Port  Destination    Port  Gateway    Queue
        IPv4 TCP  *        *     145.85.0.0/16  *     VPN_VPNV4  none
        IPv4 TCP  *        *     77.72.0.0/16   *     VPN_VPNV4  none

        but that does not work. I could be completely misunderstanding, but I thought that entering an IP A.B.C.D/16 would match any IP from A.B.C.D - A.B.255.254

        I have a rule

        Proto     Source   Port  Destination    Port  Gateway    Queue
        IPv4 *    LAN net  *     *              *     WAN_DHCP   none

        where I get access through the VPN; when I change the gateway to WAN (which obviously also changes in this rule) it uses my WAN. So that works as I expected..

        Any help appreciated here..

        • boowii

          Yeah, I would like to know how to do this as well. Have you had any success yet?

          • Derelict (Netgate)

            @paulheu:

              I've been fiddling around with this a bit and found out how I can basically make a connection using VPN or WAN. Now I need to create rules so that two IP ranges where the IP address starts with either 145.85.x.x or 77.72.x.x are routed through the VPN.

              I tried setting up a rule in firewall LAN as:

              Proto     Source   Port  Destination    Port  Gateway    Queue
              IPv4 TCP  *        *     145.85.0.0/16  *     VPN_VPNV4  none
              IPv4 TCP  *        *     77.72.0.0/16   *     VPN_VPNV4  none

              but that does not work.

            Please define does not work.

            Looks like it should work to me as long as those rules are above more general rules and the traffic is actually TCP traffic.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            • viragomann

              You have to put your rules in this order:

              Proto     Source   Port  Destination    Port  Gateway    Queue
              IPv4 TCP  *        *     145.85.0.0/16  *     VPN_VPNV4  none
              IPv4 TCP  *        *     77.72.0.0/16   *     VPN_VPNV4  none
              IPv4 *    LAN net  *     *              *     WAN_DHCP   none
              • strikeshield
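The ordering point made in the two answers above, as an added Python simulation that is not from the thread or from pfSense itself: interface rules are evaluated top to bottom and the first match wins, so the /16 rules only take effect when they sit above the general "LAN net" rule, and a rule whose protocol is TCP does not catch UDP traffic to the same destination. The 192.168.1.0/24 LAN and the sample hosts are assumptions; gateway names are the ones from the thread.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    """One pfSense-style LAN rule, reduced to the fields that matter here."""
    proto: str     # "tcp", "udp" or "*" for any protocol
    src: str       # CIDR network or "*"
    dst: str       # CIDR network or "*"
    gateway: str   # gateway the matching traffic is policy-routed to


def in_net(net: str, ip: str) -> bool:
    """True when ip falls inside net, with "*" matching everything."""
    return net == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)


def select_gateway(rules, proto, src, dst):
    """First matching rule wins, as pfSense evaluates interface rules top to bottom.
    None means nothing matched (the implicit default deny)."""
    for r in rules:
        if r.proto in ("*", proto) and in_net(r.src, src) and in_net(r.dst, dst):
            return r.gateway
    return None


def cidr_range(net: str):
    """First and last address a CIDR block covers, e.g. what a /16 really matches."""
    n = ipaddress.ip_network(net, strict=False)
    return str(n[0]), str(n[-1])


# Constructed sample: the thread's rules with an assumed 192.168.1.0/24 LAN.
LAN = "192.168.1.0/24"
VPN_RULES = [Rule("tcp", "*", "145.85.0.0/16", "VPN_VPNV4"),
             Rule("tcp", "*", "77.72.0.0/16", "VPN_VPNV4")]
GENERAL = Rule("*", LAN, "*", "WAN_DHCP")
CORRECT_ORDER = VPN_RULES + [GENERAL]   # specific rules above the catch-all
WRONG_ORDER = [GENERAL] + VPN_RULES     # catch-all first: it shadows the VPN rules

if __name__ == "__main__":
    host = "192.168.1.10"
    for order, name in ((CORRECT_ORDER, "correct"), (WRONG_ORDER, "wrong")):
        print(name, "order, tcp -> 145.85.12.34:", select_gateway(order, "tcp", host, "145.85.12.34"))
    print("correct order, udp -> 145.85.12.34:", select_gateway(CORRECT_ORDER, "udp", host, "145.85.12.34"))
    print("145.85.0.0/16 covers", cidr_range("145.85.0.0/16"))
```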

                Can anyone confirm that an OpenVPN VPN connection will "draw" all the traffic through the VPN unless a command such as ROUTE-NOPULL is used on the client side?

                I have a functional VPN connection which I am trying to use ONLY for certain IP destinations. It works fine, but after a while ALL my traffic is going through the VPN and kills my VoIP connection, which is not permitted from another country.

                I have set up an alias with the destination networks I wish to funnel through the VPN with the appropriate firewall rules; however, eventually ALL traffic ends up going through the VPN.

                What am I missing?

                Thanks

                • Derelict (Netgate)

                  Without route-nopull the provider can push whatever routes it wants to you and they will be honored. This might include a default route that will tell your system to send all traffic through the VPN. If you add route-nopull your system will ignore pushed routes and it's up to you to tell your system what traffic to send to the tunnel.

                  • strikeshield
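Derelict's explanation, as an added Python simulation that is not from the thread or from OpenVPN's own code: without route-nopull the pushed routes land in the routing table and longest-prefix matching sends everything to the tunnel interface; with it, only the routes configured locally remain and the policy-routed /16s still reach the tunnel. The pushed default is modelled the way OpenVPN's redirect-gateway def1 installs it, as two /1 routes that beat the existing /0 default; interface names and sample addresses are constructed.

```python
import ipaddress

# Constructed sample. Each route is (destination network, outgoing interface).
LOCAL_ROUTES = [
    ("0.0.0.0/0", "wan"),            # the system default route via the WAN gateway
    ("145.85.0.0/16", "ovpnc1"),     # the two networks the thread wants in the tunnel
    ("77.72.0.0/16", "ovpnc1"),
]
# What a provider may push: redirect-gateway def1 installs 0.0.0.0/1 and 128.0.0.0/1,
# which together cover every address and are more specific than the /0 default.
PUSHED_ROUTES = [("0.0.0.0/1", "ovpnc1"), ("128.0.0.0/1", "ovpnc1")]


def install_routes(local, pushed, route_nopull):
    """Routes the client ends up with. Without route-nopull every pushed route is
    honored; with it the pushed list is ignored and only local routes remain."""
    return list(local) if route_nopull else list(local) + list(pushed)


def next_hop(table, dst):
    """Longest-prefix match: the most specific route covering dst wins."""
    ip = ipaddress.ip_address(dst)
    best = None
    for net, iface in table:
        n = ipaddress.ip_network(net)
        if ip in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, iface)
    return best[1] if best else None


def egress(dst, route_nopull):
    """Interface a packet to dst leaves on, given the route-nopull setting."""
    return next_hop(install_routes(LOCAL_ROUTES, PUSHED_ROUTES, route_nopull), dst)


if __name__ == "__main__":
    for target in ("145.85.12.34", "203.0.113.5"):   # a VPN site and the VoIP peer
        print(target, "without route-nopull ->", egress(target, False),
              "| with route-nopull ->", egress(target, True))
```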

                    Thanks for that, I'll try that and see what happens... stay tuned!

                    • strikeshield

                      OK, good news: the ROUTE-NOPULL command resolved the issue for me. Now the firewall rules work and the VPN static connection to the server does NOT override the router and pull all the traffic into it.
                      Thanks for all your help.

                      Christian Laf

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.