Netgate Discussion Forum

    openvpn and surfing

      nick.loenders

      Hi,

      I have set up OpenVPN on a Netgate device at location A, and when I connect to it from location B it connects and I get the public IP of location A, which is good.
      But it also means I will surf/browse via location A.

      But is there a way I can get the public IP of location A, but still surf via location B?

        viragomann @nick.loenders

        @nick-loenders
        How do you think that should work?

        If your HTTP requests reach the destination server on the Internet with the IP of A, the server will send its responses back to A. Consequently the whole traffic (up and down) has to flow over A.

        If you don't want to surf via A, uncheck "Redirect gateway" in the OpenVPN settings, but then you will access the Internet with the public IP of B.
        There are no other options.

          nick.loenders @viragomann

          @viragomann Hi, the thing is we manage a lot of servers at different locations and we allow RDP only from the IP of location A,
          so basically we use this VPN only to make the RDP servers see us coming from location A....

          But of course if you forget to turn off the VPN and watch a film, for instance, we would be surfing through location A, which is not a good plan as we pay for the bandwidth at location A.

          But I guess there is nothing to do about it then, as I already suspected :(

            viragomann @nick.loenders

            @nick-loenders
            So for RDP only, you can policy-route the traffic over the VPN and remove the "Redirect gateway" check.

            For a policy routing rule, on B add all the RDP destination IPs you want to access from A to an alias.
            Then add a firewall rule on the interface your RDP clients are connected to; at destination enter the alias and RDP as the port (or whatever port you need, possibly also an alias), open the advanced options and at gateway select your VPN gateway.
            This requires that you have assigned an interface to the OpenVPN instance beforehand.

              nick.loenders @viragomann

              @viragomann wow, this all sounds a bit Chinese to me.

              Are we on the same wave?

              At location A:
              On the firewall I allow RDP only from public IP 70.15.15.36

              At location B:
              On the firewall I allow RDP only from public IP 70.15.15.36

              At location C:
              On the firewall I allow RDP only from public IP 70.15.15.36

              I then have a FW at location X on which the VPN is set up, and this location has public IP 70.15.15.36.

              I can then be wherever I want with my laptop and make an OpenVPN connection to the FW of location X, and at that moment my public IP becomes 70.15.15.36 as redirect gateway is enabled.
              And as my public IP became 70.15.15.36, I can RDP to the servers at locations A, B, C, ...

              But of course with that setup ALL traffic goes via location X.

              You would do it differently?
              Can you explain with some screenshots if possible?

                viragomann @nick.loenders

                @nick-loenders
                I see, from your first post I was thinking about a site-to-site VPN between A and B.

                From your laptop you will make a client connection to an access server at location X.
                So in the access server settings, to route client traffic over the VPN, enter all networks you want to access in "Local Networks". This pushes a route to the client when the VPN is established.

                So in your example, you want to access 60.10.10.10. I assume you also want to access the local network at X, which I'll say is 192.168.20.0/24, so the "IPv4 Local Network/s" box in the server settings should look like this:

                192.168.20.0/24,60.10.10.10/32

                All entries have to be in CIDR notation and comma separated.

                "Redirect gateway" has to be unchecked here as well.

                This directs all traffic to 60.10.10.10 over the VPN, not only RDP, but all other destinations not included in "Local Networks" will go out the laptop's default WAN.

                  nick.loenders @viragomann

                  @viragomann No, I want to access the servers at locations A, B, C, ....
                  There are no site-to-site tunnels in this story.

                  I make a VPN connection to the Netgate at location X.

                  That is it.

                  Then on my laptop I do an RDP to location A (public IP 60.10.10.10).
                  As at location A RDP is only allowed from the public IP of X, 70.15.15.36, this will work,
                  if my redirect gateway is on (at this moment).

                    viragomann @nick.loenders

                    @nick-loenders
                    OK, I messed up the destination IP. Corrected it now above.

                    "Redirect gateway" simply directs the whole upstream traffic from the client over the VPN connection, while in "Local Networks" you can state specific destinations to direct to the VPN server. It's also called split tunneling.

                      nick.loenders @viragomann
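As an added example (not code from this thread, from pfSense or from OpenVPN), the Python below models what the two server settings discussed in the posts above do to the laptop: the "IPv4 Local Network/s" list becomes one `push "route ..."` per entry, "Redirect gateway" adds `push "redirect-gateway def1"`, and the client's longest-prefix routing then decides which destination leaves via the tunnel (source IP 70.15.15.36) and which via the laptop's own WAN. Addresses from the thread are used as given (70.15.15.36, 60.10.10.10, 192.168.20.0/24); the tunnel gateway 10.8.0.1, the laptop's WAN gateway 10.0.0.1 and a streaming site at 203.0.113.50 are assumed values constructed for the example.

```python
"""Split tunnel ("Local Networks") vs. "Redirect gateway", as seen by the client.

Added example, not code from the forum thread, pfSense or OpenVPN.
From the thread: X's public IP 70.15.15.36, RDP host at A 60.10.10.10,
X's LAN 192.168.20.0/24.  Constructed/assumed: tunnel gateway 10.8.0.1,
the laptop's own WAN gateway 10.0.0.1, a streaming site at 203.0.113.50.
"""
import ipaddress


def local_network_errors(local_networks):
    """Entries the "IPv4 Local Network/s" box would reject: not CIDR (no '/'),
    or a CIDR with host bits set (e.g. 192.168.20.5/24)."""
    bad = []
    for entry in (e.strip() for e in local_networks.split(",") if e.strip()):
        try:
            if "/" not in entry:
                raise ValueError("not CIDR")
            ipaddress.IPv4Network(entry, strict=True)
        except ValueError:
            bad.append(entry)
    return bad


def local_networks_to_push_routes(local_networks):
    """Turn the comma-separated CIDR list into the 'push "route ..."' lines
    pfSense renders into the server config, one per network."""
    bad = local_network_errors(local_networks)
    if bad:
        raise ValueError(f"not valid CIDR entries: {bad}")
    pushes = []
    for entry in (e.strip() for e in local_networks.split(",") if e.strip()):
        net = ipaddress.IPv4Network(entry)
        pushes.append(f'push "route {net.network_address} {net.netmask}"')
    return pushes


def server_push_directives(local_networks, redirect_gateway):
    """Everything the server pushes; "Redirect gateway" adds def1 on top."""
    pushes = local_networks_to_push_routes(local_networks)
    if redirect_gateway:
        pushes.append('push "redirect-gateway def1"')
    return pushes


def client_routes(pushes, server_public_ip="70.15.15.36",
                  vpn_gw="10.8.0.1", wan_gw="10.0.0.1"):
    """Routing table the client ends up with: (network, next hop, interface)."""
    table = [(ipaddress.IPv4Network("0.0.0.0/0"), wan_gw, "wan")]  # laptop's own default
    for directive in pushes:
        args = directive.split('"')[1].split()
        if args[0] == "route":
            table.append((ipaddress.IPv4Network(f"{args[1]}/{args[2]}"), vpn_gw, "tun"))
        elif args[0] == "redirect-gateway":
            # def1: two /1 routes outrank the /0 default without deleting it,
            # plus a /32 to the VPN server via the WAN so the tunnel itself
            # is not routed into the tunnel.
            table.append((ipaddress.IPv4Network("0.0.0.0/1"), vpn_gw, "tun"))
            table.append((ipaddress.IPv4Network("128.0.0.0/1"), vpn_gw, "tun"))
            table.append((ipaddress.IPv4Network(f"{server_public_ip}/32"), wan_gw, "wan"))
    return table


def egress(table, dst):
    """Longest-prefix match, as the client's kernel does it."""
    d = ipaddress.IPv4Address(dst)
    best = max((r for r in table if d in r[0]), key=lambda r: r[0].prefixlen)
    return best[2]


def egress_map(local_networks, redirect_gateway, destinations):
    table = client_routes(server_push_directives(local_networks, redirect_gateway))
    return {dst: egress(table, dst) for dst in destinations}


def rdp_hosts_leaking_to_wan(local_networks, rdp_hosts):
    """Check to run whenever a new RDP server is whitelisted for 70.15.15.36:
    a host missing from the Local Networks list leaves via the laptop's WAN,
    arrives with the wrong source IP and is dropped by that site's firewall."""
    m = egress_map(local_networks, False, rdp_hosts)
    return [h for h in rdp_hosts if m[h] != "tun"]


LOCAL_NETWORKS = "192.168.20.0/24,60.10.10.10/32"   # the box as given in the thread
DESTINATIONS = ["60.10.10.10", "192.168.20.7", "203.0.113.50", "70.15.15.36"]

if __name__ == "__main__":
    for redirect in (False, True):
        print(f"redirect-gateway={redirect}: {egress_map(LOCAL_NETWORKS, redirect, DESTINATIONS)}")
    print("RDP hosts not covered:", rdp_hosts_leaking_to_wan(LOCAL_NETWORKS, ["60.10.10.10", "60.10.10.11"]))
```

With "Redirect gateway" off, only 60.10.10.10 and the 192.168.20.0/24 LAN go through the tunnel and the streaming site leaves via the laptop's WAN; with it on, everything except the VPN server's own address goes through X. Note that the Local Networks list only decides what the client routes into the tunnel; nothing on X stops a client that adds its own routes from sending other traffic through it, so if bandwidth at X matters, the place to enforce that is the firewall rules on the OpenVPN interface at X, not the pushed routes.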

                      @viragomann so if I do this:

                      [attached screenshot of the OpenVPN server settings]

                      it should work too?

                      OK, I'll test

                        viragomann @nick.loenders

                        @nick-loenders
                        Yes, this simply adds the proper route on the client to go over the VPN gateway.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.