Netgate Discussion Forum

    What are the differences between the Redirect and IPv4 Tunnel network options

    • eeebbune

      Hello Professionals,

      I am curious about the OpenVPN options Redirect and IPv4 Tunnel network.
      When we set up the OpenVPN server, we create the IP tunnel blocks as DHCP. After that, there are options we can choose: Redirect / IPv4 Tunnel network (for communicating with the remote endpoint).

      As far as I know, when we choose the option 'Redirect', all the remote client traffic passes through the firewall gateway, so it is inefficient when the company has limited bandwidth.

      On the contrary, when we choose the option IPv4 Tunnel network and set the IP ranges of the endpoints we may communicate with, we can communicate with those IP ranges even if the router does not have routes in its routing table.

      How is this possible? Is this option also routing with the gateway address? What are the differences between those two options?

      • viragomann @eeebbune

        @eeebbune
        Entering your local networks into the "IPv4 Local Network(s)" box instructs the client to add routes for these networks pointing to the OpenVPN server after connecting.
        So the client can access the remote networks through the VPN, but upstream traffic is going out to his default gateway.

        • senseivita

          Just like @viragomann said, but note that choosing redirect doesn't necessarily mean the client endpoint is bound to obey that. For instance, I have a remote server that's only a gateway so I can get a static public IP; it has the "redirect all client traffic..." option checked, but on the client, my local firewall, it's chosen not to add the routes automatically.

          It connects and it's made aware of the new gateway on the server, but it doesn't route any traffic to it if it's not by policy routing or responding to traffic from there. Not all clients have the interface for this though; you may be limited in mobile clients or off-the-shelf or ISP-leased all-in-one firewalls supporting OpenVPN.

          The local network is/are the subnet(s) on the VPN server you wish to make known to the clients. If you choose redirect all traffic... and the client does obey that, then it becomes a moot point since all traffic would be going there anyway. Of course you also need firewall rules to allow traffic from the tunnel to reach server-side LANs.

          Missing something? Word endings, maybe? I included a free puzzle in this msg if you solv--okay, I'm lying. It's dyslexia, makes me do that, sorry! Just finish the word; they're rarely misspelled, just incomplete. Yeah-yeah-I know. Same thing.

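The routing behaviour described in the two answers above, as an added example that is not part of the original thread: a small model of the client's routing table under each option. It assumes the server pushes OpenVPN `route` and `redirect-gateway def1` options; all addresses and the `install_routes` flag are constructed for illustration.

```python
import ipaddress

# Constructed sample addresses (not from the thread).
VPN_GW, LAN_GW, SERVER_IP = "10.8.0.1", "192.168.0.1", "203.0.113.10"
SPLIT = ["route 192.168.10.0 255.255.255.0"]   # "IPv4 Local Network(s)" style push
FULL = ["redirect-gateway def1"]               # "Redirect" style push

def client_routes(pushed, install_routes=True):
    """Return the client's routing table as (network, next_hop) pairs."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), LAN_GW),    # client's own default route
             (ipaddress.ip_network("10.8.0.0/24"), VPN_GW)]  # tunnel network
    if not install_routes:      # client is told about the routes but ignores them
        return table
    for opt in pushed:
        words = opt.split()
        if words[0] == "route":                 # route <network> <netmask>
            net = ipaddress.ip_network(f"{words[1]}/{words[2]}")
            table.append((net, VPN_GW))
        elif words[0] == "redirect-gateway" and "def1" in words:
            # def1 leaves the /0 default in place and overrides it with two
            # /1 routes, which win on prefix length.
            table.append((ipaddress.ip_network("0.0.0.0/1"), VPN_GW))
            table.append((ipaddress.ip_network("128.0.0.0/1"), VPN_GW))
            # Host route so the encrypted tunnel packets still use the LAN gateway.
            table.append((ipaddress.ip_network(f"{SERVER_IP}/32"), LAN_GW))
    return table

def next_hop(table, dst):
    """Longest-prefix match, as the client's IP stack does."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    cases = [("split tunnel", SPLIT, True), ("redirect", FULL, True),
             ("redirect, routes not installed", FULL, False)]
    for name, pushed, install in cases:
        table = client_routes(pushed, install)
        for dst in ("192.168.10.5", "8.8.8.8", SERVER_IP):
            print(f"{name:32} {dst:15} -> {next_hop(table, dst)}")
```

The routes live in the client's own table, which is why the client's upstream router needs no entry for the remote networks.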
          • eeebbune @senseivita

            @skilledinept
            @viragomann

            I really appreciate your precious replies.
            Now I understand the differences between them.

            Thank you.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.