I'm currently running an OpenVPN server for multiple clients. All traffic is directed through the VPN (it's set up as gateway; push "redirect-gateway def1").
So far, all is working fine. However, I'd like to connect a couple of servers to this virtual private network, without these servers using the OVPN daemon as gateway.
These servers have to be accessible from both their WAN as well as their LAN IP address. Certain services will be accessible only from the LAN side.
Is there any way, for a client, to ignore the push redirect-gateway option?
Kind regards, Tuinslak
Just add "route-nopull" to the client openvpn config, then all pushed commands from the server are ignored. To get access to the local net, you must now add e.g. "route 192.168.5.0 255.255.255.0" to the client openvpn config, if the local net you want to connect to is 192.168.5.0/24.
If 'redirect-gateway' is required for some but not all clients, then add a 'client-config-dir' option, e.g.
and inside that directory put files for each client CN, e.g. file Client1 would contain
that way the servers don't get the 'redirect-gateway' pushed by default.
HTH
There is a newer, easier solution for this, as of December 2016.
You just need to put this line in your OpenVPN config:
Literally, it filters the options it pulls from the server, and ignores the redirect-gateway option. (According to https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway, this was added in OpenVPN 2.4, which was released on 27 December 2016.)
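The server-side and client-side approaches from the answers above, laid out side by side as an added example that is not taken from any of the posts. The directory name ccd and the file name server-client.conf are assumptions; Client1, 192.168.5.0/24 and redirect-gateway def1 are the values used on this page.

```conf
# --- server.conf (server-side approach, second answer) ---
# Stop pushing the gateway redirect to every client (line commented out):
;push "redirect-gateway def1"
# Per-client files are looked up by certificate CN in this directory
# ("ccd" is an assumed name, relative to the server's working directory):
client-config-dir ccd

# --- ccd/Client1 (one file per CN that SHOULD use the VPN as gateway) ---
push "redirect-gateway def1"
# The servers get no file here (or one without this push),
# so their default route is left untouched.

# --- server-client.conf, option A (first answer) ---
client
route-nopull                           # do not install pushed routes or redirect-gateway
route 192.168.5.0 255.255.255.0        # send only this subnet through the tunnel

# --- server-client.conf, option B (third answer; needs OpenVPN 2.4 or later) ---
client
pull-filter ignore "redirect-gateway"  # drop just this pushed option, keep the rest
```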
Just replace the default gateway in the --up script and you are all set. You don't even have to do anything in --down (I think) or just set it to up.sh as well.
in client.conf
in up.sh (chmod +x)
where 1.2.3.4 is your client's default gateway
Remove the "redirect-gateway" option in the client configuration file; the client's default gateway won't change anymore. Tested under Archlinux/OpenVPN 2.3.2.