
I am currently configuring an OpenVPN server on Ubuntu 20 using this config. It gives the clients access to a private subnet (172.31.40.0 255.255.240.0), but this VPN also redirects the clients' internet traffic through my VPN. I want to disable this while preserving the private subnet access for the clients.

I tried removing this line as per the docs (# push "redirect-gateway def1 bypass-dhcp"), but the clients can't access the internet and get the no-internet error in their browsers.

local 172.31.40.170
port 1500
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet

client-to-client
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"

push "route 172.31.40.0 255.255.240.0"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 1.1.1.1"
push "block-outside-dns"

keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
explicit-exit-notify

1 Answer

Your question is misleading, since afaik there isn't any special type of network topology called a "CTF network".

But based on the config file sample you provided: if you remove redirect-gateway def1 bypass-dhcp, you also need to remove push "block-outside-dns".

Your tunnel only has routes for 10.8.0.0/24 and 172.31.40.0/20. You're pushing the DNS servers 1.0.0.1 and 1.1.1.1, which aren't part of the VPN unless you're forcing all traffic over the tunnel, which is what redirect-gateway def1 does. So just deleting redirect-gateway def1 bypass-dhcp means that the clients will try to reach 1.0.0.1 and 1.1.1.1 for DNS locally, but because push "block-outside-dns" is set, those requests are blocked and the clients can't get normal internet access.

Assuming you really mean to push Cloudflare DNS and not some private server in your environment, removing both of those lines should work fine connectivity-wise.

A. Trevelyan
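As an added example (not code from the question or the answer above), here is a small POSIX shell lint that applies the answer's reasoning to a server config file: it collects the routes the server pushes (the VPN subnet from "server" plus every push "route") and, when redirect-gateway is not pushed, checks whether each pushed DNS server is reachable through those routes. It generalizes the answer slightly: block-outside-dns is flagged only when a pushed resolver lies outside every tunnel route (or no resolver is pushed at all), so the "private server in your environment" case passes. The three sample configs, the file names and the 172.31.40.53 resolver address are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Lint for the split-tunnel DNS mistake: with redirect-gateway absent,
#   block-outside-dns + DNS outside every tunnel route -> PROBLEM (this page's case)
#   block-outside-dns + no DNS pushed at all          -> PROBLEM (no resolver left)
#   no block-outside-dns + DNS outside the tunnel     -> note only (local gateway is used)
# Sample configs and paths below are constructed for the demo.

# Dotted quad -> 32-bit integer, so subnet membership is plain arithmetic.
ip2int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit 0 when IP lies inside NETWORK/NETMASK (all dotted quads).
in_net() {
    ip=$(ip2int "$1"); net=$(ip2int "$2"); mask=$(ip2int "$3")
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Active directives only: comments stripped, blank lines dropped, quotes removed,
# so  push "route 172.31.40.0 255.255.240.0"  ->  push route 172.31.40.0 255.255.240.0
active_lines() {
    sed -e 's/[#;].*$//' -e 's/"//g' "$1" | awk 'NF'
}

# Returns 0 when the config is consistent, 1 when clients would lose DNS.
check_openvpn_split_tunnel() {
    lines=$(active_lines "$1"); status=0
    if printf '%s\n' "$lines" | grep -q '^push redirect-gateway'; then
        echo "full tunnel: redirect-gateway is pushed, DNS goes through the VPN"
        return 0
    fi
    block=0
    printf '%s\n' "$lines" | grep -q '^push block-outside-dns' && block=1
    # Destinations reachable through the tunnel, as net/mask pairs.
    routes=$(printf '%s\n' "$lines" | awk '$1=="server"{print $2"/"$3} $1=="push"&&$2=="route"{print $3"/"$4}')
    dns_list=$(printf '%s\n' "$lines" | awk '$1=="push"&&$2=="dhcp-option"&&$3=="DNS"{print $4}')
    if [ "$block" -eq 1 ] && [ -z "$dns_list" ]; then
        echo "PROBLEM: block-outside-dns pushed but no DNS server pushed; clients have no resolver"
        status=1
    fi
    for dns in $dns_list; do
        reached=0
        for r in $routes; do
            in_net "$dns" "${r%/*}" "${r#*/}" && reached=1
        done
        if [ "$reached" -eq 1 ]; then
            echo "ok: DNS $dns is inside a tunnel route"
        elif [ "$block" -eq 1 ]; then
            echo "PROBLEM: DNS $dns is outside every tunnel route and block-outside-dns is pushed"
            status=1
        else
            echo "note: DNS $dns is outside the tunnel; clients reach it via their local gateway"
        fi
    done
    return $status
}

# Constructed sample 1: the page's config with only redirect-gateway removed.
write_sample_broken() {
    cat > "$1" <<'EOF'
server 10.8.0.0 255.255.255.0
# push "redirect-gateway def1 bypass-dhcp"
push "route 172.31.40.0 255.255.240.0"
push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 1.1.1.1"
push "block-outside-dns"
EOF
}

# Constructed sample 2: the answer's fix, both lines removed.
write_sample_fixed() {
    cat > "$1" <<'EOF'
server 10.8.0.0 255.255.255.0
push "route 172.31.40.0 255.255.240.0"
push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 1.1.1.1"
EOF
}

# Constructed sample 3: block-outside-dns kept, resolver inside the private
# subnet (172.31.40.53 is an assumed address), which is still consistent.
write_sample_private_dns() {
    cat > "$1" <<'EOF'
server 10.8.0.0 255.255.255.0
push "route 172.31.40.0 255.255.240.0"
push "dhcp-option DNS 172.31.40.53"
push "block-outside-dns"
EOF
}

# Demo run over the three samples.
demo_dir=$(mktemp -d)
write_sample_broken "$demo_dir/broken.conf"
write_sample_fixed "$demo_dir/fixed.conf"
write_sample_private_dns "$demo_dir/private.conf"
for f in "$demo_dir"/*.conf; do
    echo "== $f"
    check_openvpn_split_tunnel "$f" || echo "   -> needs a fix"
done
rm -rf "$demo_dir"
```

Run it against your real server.conf with check_openvpn_split_tunnel /etc/openvpn/server.conf; the exit status is 1 exactly when clients would be left without a usable resolver, which is the condition the answer describes.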