openvpn split tunnel not working
-
vpn internet traffic is going through the vpn tunnel, I don't want it, Open VPN client should use its own internet for browsing.
how would it be possible, current vpn tunnel settings attached with my post, -
@erfanxp
As long as you don't check "Redirect gateway", the upstream traffic shouldn't be routed over the VPN tunnel.
However, it's on the clients to set their own routes.For further restriction modify your firewall rule on the OpenVPN interface to allow only access to the desired IPs and remove the outbound NAT rule for the tunnel network.
Without outbound NAT, no upstream traffic is possible.Consider that if you provide a DNS server to the clients you have to allow DNS access accordingly.
BTW: Why are you using a public address space to the VPN tunnel?
-
@viragomann thanx for replying. after removing the outbound NAT rule client cant access internet but can access desired IPs (after allowing access) .also there is no internal DNS server. i want them to use internet as well as VPN but dont want to route internet traffic to tunnel. is that possilbe ? i did uncheck "redirect gateway" but problem remains.
"BTW: Why are you using a public address space to the VPN tunnel?" i didnt understand.
-
@erfanxp
Yes, for split tunneling leave "Redirect gateway" unchecked and enter your local networks which the clients should be able to access into the "Local network/s" box.
This should push the route for your networks to the clients, so the clients OS adds routes for it.
That is already done as your screenshot shows. But that's all you can do on the server side.If the client route the whole upstream traffic over the VPN though, it's on the client. Presumably he set the default rule pointing to the VPN server. So check the clients configuration.
You can reexport the clients config file using the Export utility and add it to the client.The network address range 11.11.11.0/24 you use for the vpn tunnel is a public space owned by others in the internet. Hence you and the connected clients are not able to access this internet network range.
You should use an RFC 1918 IP range. -
@viragomann said in openvpn split tunnel not working:
You should use an RFC 1918 IP range
thanx bro for your help. i just checked from windows 10 machine only vpn traffic is going through tunnel rest of going through client internet. but on ubuntu machine everything is going into tunnel
-
@erfanxp said in openvpn split tunnel not working:
but on ubuntu machine everything is going into tunnel
So configure the client properly for split-tunneling.
Without knowing what client you use I cannot provide help. -
@viragomann said in openvpn split tunnel not working:
Without knowing what client you use I cannot provide help.
im using Viscosity bundle for ubuntu.
-
@erfanxp said in openvpn split tunnel not working:
im using Viscosity bundle
Not familiar with that.
Use the NetworkManager with the OpenVPN plugin. It works great.
-
@viragomann said in openvpn split tunnel not working:
Viscosity bundle
i downloaded viscosity from pfsense client export. imported config file in network manager of ubuntu
-
@erfanxp
Ah, so even NM.
Here on OpenSUSE 15.2 NM OpenVPN is working flawlessly after importing the config. However, I had this issue as well with earlier versions.
Of course it doesn't work if your local networks are overlapping with the remote networks.If that isn't the case, you can configure the routing manually:
Edit the connection. Select the IPv4 or v6 tab, whatever routes you need. Click "Routes..." at the right bottom, in the opening window check "ignore pulled routes", hit "Add" and enter the remote network and mask (in your example 10.10.184.0, 255.255.254.0). Leave the gateway blank and save all.Worked well for me in earlier NM versions.
