Routing only certain Public Ip's through Openvpn tunnel.



  • Hi all, I'm new on here so apologies if this has been asked before.

    We have an SG-2440 and have set up OpenVPN for remote access. We are using AWS and allow access via our office IP address only, so have set up the VPN to route all traffic through the VPN. The problem is that the bandwidth at the office is fairly low, so I want only traffic for the office plus about 4 public IP addresses to tunnel through the VPN and the rest to go directly.

    So essentially a partial split DNS?

    a.  Is this possible?
    b.  How do I do it?

    TIA
    Chris


  • Rebel Alliance Developer Netgate

    Rather than redirecting all traffic, in the "local networks" box for the remote access VPN, put in only the IP addresses and networks you want to forward.

    For example: x.x.x.0/24, a.a.a.a, b.b.b.b, c.c.c.c, d.d.d.d



  • In the server settings uncheck "Redirect gateway" and enter the subnets you want to route over the VPN at "IPv4 Local networks". A single IP address has to be entered as "<ip>/32" here. This pushes routes for only these subnets to the client instead of setting the default route.

    In the firewall rules you should additionally control access to the resources, because the routes do not prohibit access to other IPs.
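    To make the two answers above concrete, here is an added example (not pfSense or OpenVPN project code) that parses an "IPv4 Local networks" style list, normalizes bare addresses to the /32 form, emits the equivalent OpenVPN `push "route ..."` directives, and checks which destinations would actually traverse the tunnel. The addresses are constructed from documentation ranges, and it is assumed that pfSense's generated server config uses the standard OpenVPN `push "route <net> <mask>"` form for each entry.

```python
import ipaddress

# Constructed sample of the "IPv4 Local networks" field: one office subnet plus
# four single public IPs, as in the thread (documentation-range addresses only).
LOCAL_NETWORKS_FIELD = "203.0.113.0/24, 198.51.100.10, 198.51.100.20, 192.0.2.5, 192.0.2.6"


def parse_local_networks(field: str) -> list[ipaddress.IPv4Network]:
    """Parse the comma-separated local networks text.

    A bare address is accepted and normalized to the "<ip>/32" form the answer
    describes. strict=True rejects entries such as 203.0.113.5/24 whose host
    bits are set, which would otherwise silently route a whole subnet.
    """
    nets = []
    for item in field.split(","):
        item = item.strip()
        if not item:
            continue
        if "/" not in item:
            item += "/32"
        nets.append(ipaddress.IPv4Network(item, strict=True))
    return nets


def push_route_lines(nets: list[ipaddress.IPv4Network]) -> list[str]:
    """Emit the per-subnet OpenVPN 'push "route net mask"' directives.

    With "Redirect gateway" unchecked these are all the client receives, so its
    own default route stays in place for everything else (assumed to match what
    pfSense writes into the generated server config).
    """
    return [f'push "route {n.network_address} {n.netmask}"' for n in nets]


def via_tunnel(dst: str, nets: list[ipaddress.IPv4Network]) -> bool:
    """True if dst is covered by a pushed route and therefore goes over the VPN.

    Anything that returns False goes out the client's normal gateway, which is
    exactly why the firewall rules, not the route list, must control access.
    """
    addr = ipaddress.IPv4Address(dst)
    return any(addr in n for n in nets)


if __name__ == "__main__":
    routes = parse_local_networks(LOCAL_NETWORKS_FIELD)
    print("\n".join(push_route_lines(routes)))
    for dst in ("203.0.113.77", "198.51.100.10", "198.51.100.11", "8.8.8.8"):
        print(dst, "tunnel" if via_tunnel(dst, routes) else "direct")
```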



  • Hi both, excellent, thanks, that worked.

    Much appreciated.