Remote Access VPN Server: Routing non-LAN traffic?
-
I have a remote access OpenVPN server set up. It works as intended.
I need it mainly to access files on the file server. About 5 or so users total.
What I would like to do is have client general internet traffic not pushed through the VPN.
Since my lab only has a 100/10 connection, it's probably not ideal to push people's YouTube streaming/general web browsing/gaming through that connection...
Is there a way to route traffic that's not a resource on the network to not go through the tunnel?
-
@oguruma
In the OpenVPN server settings, remove the check at "redirect gateway"; instead, enter the networks which the clients should be able to access into the "Local networks" box. If it's only that one server, you can enter a single IP with a /32 mask. Since the clients can, apart from this, route anything over the VPN on their own, it's good advice to restrict your firewall rules accordingly. Instead of allowing access to any destination on the OpenVPN interface, limit it to your needs.
Also, you might have an Outbound NAT rule for the OpenVPN tunnel network (possibly added automatically by the wizard and removed again by unchecking "redirect gateway"), which you can remove if no WAN outbound is desired from VPN clients.
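
The reply's two checks (split tunnel instead of full tunnel, and firewall rules no broader than the pushed networks) can be verified with a short script. This is an added example, not part of the original post; it assumes the GUI settings end up in the server config as the standard OpenVPN directives `push "redirect-gateway ..."` and `push "route ..."`, and the config text, addresses and the list of allowed firewall destinations are constructed.

```python
import ipaddress
import re

# Constructed sample config: split tunnel exposing only one file server.
SAMPLE_CONF = '''\
dev ovpns1
server 10.8.0.0 255.255.255.0
push "route 192.168.10.5 255.255.255.255"
'''
# Same config with the "redirect gateway" behaviour left enabled.
FULL_TUNNEL_CONF = SAMPLE_CONF + 'push "redirect-gateway def1"\n'

PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)"', re.M)
REDIRECT = re.compile(r'^\s*push\s+"redirect-gateway\b', re.M)


def is_full_tunnel(conf):
    """True if the server tells clients to send all traffic through the VPN."""
    return bool(REDIRECT.search(conf))


def pushed_networks(conf):
    """Networks the server pushes to clients as routes (the 'Local networks')."""
    return [ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            for ip, mask in PUSH_ROUTE.findall(conf)]


def overbroad_rules(conf, allowed_destinations):
    """Return allowed firewall destinations that are not inside any pushed network.

    allowed_destinations is a hypothetical list of CIDR strings taken from the
    pass rules on the OpenVPN interface ("any" written as 0.0.0.0/0). Pushed
    routes only configure the client; a client can add its own routes, so any
    destination returned here is reachable despite not being pushed.
    """
    nets = pushed_networks(conf)
    bad = []
    for dest in allowed_destinations:
        d = ipaddress.ip_network(dest, strict=False)
        if not any(d.version == n.version and d.subnet_of(n) for n in nets):
            bad.append(dest)
    return bad


if __name__ == "__main__":
    print("full tunnel:", is_full_tunnel(SAMPLE_CONF))
    print("pushed:", [str(n) for n in pushed_networks(SAMPLE_CONF)])
    print("too broad:", overbroad_rules(SAMPLE_CONF, ["192.168.10.5/32", "0.0.0.0/0"]))
```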