1

I have an OpenVPN server, and would like to make clients route an address range, like 1.2.3.0/24 through VPN. However, I do NOT want to make clients use VPN for a specific IP address on that same range. So the routing table on the clients should look like this:

1.2.3.4/32 - through client's default gateway
1.2.3.0/24 - through VPN

I added the following to my server.conf:

push "route 1.2.3.0 255.255.255.0"

However, this will route 1.2.3.4 through VPN as well. Is there any way to solve this with OpenVPN server config?

sfphoton
  • 127
  • 1
  • 7

1 Answers1

4

You can add a more specific route for the IP address that you don't want to go through the VPN and use the net_gateway and vpn_gateway options to specify the gateway for the route.

push "route 1.2.3.4 255.255.255.255 net_gateway"
push "route 1.2.3.0 255.255.255.0 vpn_gateway"
ilikeMUDs
  • 123
  • 5
  • Can you please elaborate this Answer.? I am blocked at similar situation, where i am using a OpenVPN Community edition. I am not sure on the net_gateway and vpn_gateway how it has to be referenced in server.conf file. I am getting below error when i tried adding a specific route to be excluded. 2022-03-16 17:03:34 C:\WINDOWS\system32\route.exe ADD 1.2.3.4 MASK 255.255.255.0 10.8.0.13 2022-03-16 17:03:34 ROUTE: route addition failed using service: The parameter is incorrect. [status=87 if_index=24] 2022-03-16 17:03:34 Route addition via service failed – Nishchal Dinesh Mar 16 '22 at 11:31
  • The lines in my answer go into your server.conf file. Replace `1.2.3.4 255.255.255.255` and `1.2.3.0 255.255.255.0` with the subnets you want to be routed via the usual gateway or through the VPN. – ilikeMUDs Mar 18 '22 at 13:00
  • I still continue to get the error "ROUTE: route addition failed using service: The parameter is incorrect. [status=87 if_index=24]" when tried connecting from my windows machine through OpenVPN GUI client. the problem is that push "route 168.127.3.4 255.255.255.0" the 4th block is not getting added to the route @ilikeMUDs any suggestion.? – Nishchal Dinesh Mar 21 '22 at 15:13