Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Routing a specific IP over our VPN

    Scheduled Pinned Locked Moved OpenVPN
    8 Posts 2 Posters 7.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      benutne
      last edited by

      I've got a very basic OpenVPN road warrior setup right now.  It works quite well and so far everyone has been happy with it.  We have a few websites which are restricted to our static IP at the office which our VPN users would like to access as well.  I know there is a way to route all traffic over our network but that isn't really feasible in terms of bandwidth to say the least.

      How do I set up a specific domain or IP address to go through our VPN and out our gateway so off site users IPs appear to be coming from our static IP at the office?

      Thanks in advance for the help and sorry if this has been asked before.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        In the custom options of the OpenVPN on the client side just add:

        route x.x.x.x 255.255.255.255;
        

        Where x.x.x.x is the IP of the remote server. OpenVPN will add a route sending that over the tunnel. I do that at home for quite a few remote sites that need to come from a certain specific location.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • B
          benutne
          last edited by

          @jimp:

          In the custom options of the OpenVPN on the client side just add:

          route x.x.x.x 255.255.255.255;
          

          Where x.x.x.x is the IP of the remote server. OpenVPN will add a route sending that over the tunnel. I do that at home for quite a few remote sites that need to come from a certain specific location.

          Maybe you can be more specific.  I'm having a really hard time getting this to work correctly.

          Do I add the route command to the client config file?  Or do I add it to the "client specific options" in the OpenVPN server setup?

          Adding the route to the client config file didn't work at all.  And so far, neither has adding the route on the client specific config page.

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            Add it in the actual client config. You can add it in the overrides but you need to push it (push "route x.x.x.x 255.255.255.255"; ).

            If you put a route statement in there for an IP address, it will go over the VPN tunnel. I do this is many places and it works fine. If you are on Windows Vista/7, make sure you are running the client as admin or it can't add routes.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • B
              benutne
              last edited by

              @jimp:

              Add it in the actual client config. You can add it in the overrides but you need to push it (push "route x.x.x.x 255.255.255.255";).

              If you put a route statement in there for an IP address, it will go over the VPN tunnel. I do this is many places and it works fine. If you are on Windows Vista/7, make sure you are running the client as admin or it can't add routes.

              Yeah, I disable UAC so everything runs as an admin.  Where do I add the push command?  I assume by overrides you mean the client specific commands page of the OpenVPN server set up?

              So basically I put "route x.x.x.x 255.255.255.255" in the client config file and "push "route x.x.x.x 255.255.255.255"" as a client specific config (or globabally, whatever) right?

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                Not 'and' – 'or'.

                You put a route into the client configs if you want one client to use it specifically.
                You push a route in the main server config if you want all clients to use it.
                You push a route in the client specific config if you want to push to just one client.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • B
                  benutne
                  last edited by

                  Yeah, I tried all that in every combination.  It still just doesn't work.  I can see the route when I do a "route print" as "x.x.x.x 255.255.255.255 10.0.10.5 10.0.10.6 30" and it doesn't seem to be getting where I want it to go.  Can I put a domain in place of x.x.x.x?

                  This is why I'm so confused.  Everything I try seems like it should work.  It just doesn't.  Very frustrating.

                  1 Reply Last reply Reply Quote 0
                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    You can put a hostname, but I'm not sure how OpenVPN might handle that if the IP resolves to multiple IPs.

                    So the traffic isn't going over the tunnel at all? Or it's going over the tunnel and it just isn't going to the web site?

                    Or can you tell the difference since that site is blocked by IP?

                    You probably also need outbound NAT setup to cover the OpenVPN subnet. (It's done automatically on 2.0 but I always forget that it's not automatic on 1.2.3)

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.