Netgate Discussion Forum

    Routing only certain public IPs through OpenVPN tunnel.

    • frog

      Hi all, I'm new on here so apologies if this has been asked before.

      We have an SG-2440 and have set up OpenVPN for remote access. We are using AWS and allow access via our office IP address only, so have set up the VPN to route all traffic through the VPN. The problem is that the bandwidth at the office is fairly low, so I want only traffic for the office plus about 4 public IP addresses to tunnel through the VPN and the rest to go directly.

      So essentially a partial split DNS?

      a. Is this possible?
      b. How do I do it?

      TIA
      Chris

      • jimp Rebel Alliance Developer Netgate

        Rather than redirecting all traffic, in the "local networks" box for the remote access VPN, put in only the IP addresses and networks you want to forward.

        For example: x.x.x.0/24, a.a.a.a, b.b.b.b, c.c.c.c, d.d.d.d

        • viragomann

          In the server settings uncheck "Redirect gateway" and enter the subnets you want to route over the VPN at "IPv4 Local networks". A unique IP address has to be entered as "<ip>/32" here. This pushes routes for only these subnets to the client instead of setting the default route.

          In the firewall rules you should additionally control access to the resources, because the routes do not prohibit access to other IPs.

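The split-tunnel setup described in the two replies above, as an added example that is not part of the original posts or pfSense's own code: it validates a comma-separated network list, prints the equivalent OpenVPN `push "route ..."` server directives, and shows which destinations a client would send into the tunnel. The addresses are constructed sample values from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: an office LAN plus four public hosts (documentation ranges).
FIELD = "192.168.10.0/24, 203.0.113.10, 198.51.100.7/32, 198.51.100.20/32, 203.0.113.44/32"

def parse_local_networks(field):
    """Parse a comma-separated network list; return (networks, warnings)."""
    networks, warnings = [], []
    for raw in (item.strip() for item in field.split(",")):
        if not raw:
            continue
        if "/" not in raw:
            warnings.append(f"{raw}: no prefix length, treated as {raw}/32")
            raw += "/32"
        try:
            net = ipaddress.IPv4Network(raw, strict=True)
        except ValueError:
            # Host bits set (e.g. 10.0.0.5/24): normalise to the network and flag it.
            net = ipaddress.IPv4Network(raw, strict=False)
            warnings.append(f"{raw}: host bits set, using {net}")
        if net.prefixlen == 0:
            warnings.append(f"{net}: default route, every destination is tunnelled again")
        networks.append(net)
    return networks, warnings

def push_directives(networks):
    """One OpenVPN 'push route' server line per network."""
    return [f'push "route {n.network_address} {n.netmask}"' for n in networks]

def via_tunnel(destination, networks):
    """True if the pushed routes would send this destination into the VPN."""
    addr = ipaddress.IPv4Address(destination)
    return any(addr in n for n in networks)

if __name__ == "__main__":
    nets, warns = parse_local_networks(FIELD)
    print("\n".join(push_directives(nets)))
    print("\n".join(warns))
    # Routes only steer client traffic; they are not access control. What a
    # connected client may reach still has to be limited by firewall rules.
    for dest in ("192.168.10.25", "203.0.113.10", "203.0.113.11"):
        print(dest, "-> VPN" if via_tunnel(dest, nets) else "-> direct")
```
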
          • frog

            Hi both, excellent, thanks, that worked.

            Much appreciated.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.