Routing Specific IP over OpenVPN
I have two houses these days and I have installed OpenVPN on my routers and it's been working flawlessly.
Both router1 & router2 are connected to the Internet with VPN between them. They have separate subnets.
Now I want to route connections to a specific public IP address to go through the VPN link such that they always appear to come from router1's WAN address. On router2 I added a route in the route table for this specific IP address.
After adding the route I do a ping from router2, no response. I attempt to open a TCP connection and I see conntrack entries that look perfect in router2. But router1 seems to be ignoring this traffic. No conntrack entry. I looked in all the iptables entries on router1 and I do not see anything that should reject this traffic.
So now I am confused and seeking some clues. Please help if you can.
Linksys WRT1900ACv2
Netgear WNDR3700v2
TP Link 1043ND v3
TP-Link TL-WDR3600 v1
Buffalo WZR-HP-G300NH2
WRT54G-TM
Re: Routing Specific IP over OpenVPN
from the web
How can I configure the OpenVPN client to ONLY route traffic through the VPN that is destined for a single, specific IP address?
Add to the server config:
Code:
push "route 10.8.0.x 255.255.255.255"
Re: Routing Specific IP over OpenVPN
This is my server config
Code:
/etc/openvpn/server.conf
Code:
mode server
port 1194
proto udp
tls-server
ifconfig 10.8.0.1 255.255.255.0
topology subnet
client-config-dir /etc/openvpn/ccd
client-to-client
cipher BF-CBC
keysize 128
dev tun
keepalive 25 180
status /var/run/openvpn_status
verb 3
dh /etc/openvpn/dh1024.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
tls-auth /etc/openvpn/ta.key 0
persist-key
persist-tun
comp-lzo
push "topology subnet"
push "route-gateway 10.8.0.1"
route 192.168.25.0 255.255.255.0 10.8.0.2
route 192.168.10.0 255.255.255.0 10.8.0.4
route 192.168.15.0 255.255.255.0 10.8.0.10
route 192.168.99.0 255.255.255.0 10.8.0.11
route 192.168.1.0 255.255.255.0 10.8.0.3
Re: Routing Specific IP over OpenVPN
Suspect the config will be different depending on if your source is behind the VPN server or client?
Re: Routing Specific IP over OpenVPN
The source is any machine on the OpenVPN router2 LAN. These addresses are 192.168.2.x.
I want traffic to this one public IP to route through the VPN to the other router1 (the VPN client).
I tried your suggestion. The router table on router2 is modified to be pretty much what I had previously had but your solution seems cleaner.
Still it seems that when the traffic gets to router1 it does not go anywhere. Pings do not get any response.
Linksys WRT1900ACv2
Netgear WNDR3700v2
TP Link 1043ND v3
TP-Link TL-WDR3600 v1
Buffalo WZR-HP-G300NH2
WRT54G-TM
Re: Routing Specific IP over OpenVPN
Did you try
Code:
push "route x.x.x.x 255.255.255.255 10.8.0.1"
where x.x.x.x is your destination address and 10.8.0.1 is your gargoyle openvpn server address
Re: Routing Specific IP over OpenVPN
I want to route through the openvpn client. How does adding a route to the openvpn server help? Am I missing something?
Linksys WRT1900ACv2
Netgear WNDR3700v2
TP Link 1043ND v3
TP-Link TL-WDR3600 v1
Buffalo WZR-HP-G300NH2
WRT54G-TM
Re: Routing Specific IP over OpenVPN
My understanding was "push" was pushing it to the client?
Pushed to client
Code:
push "topology subnet"
push "route-gateway 10.8.0.1"
For routes behind the server
Code:
route 192.168.25.0 255.255.255.0 10.8.0.2
route 192.168.10.0 255.255.255.0 10.8.0.4
route 192.168.15.0 255.255.255.0 10.8.0.10
route 192.168.99.0 255.255.255.0 10.8.0.11
route 192.168.1.0 255.255.255.0 10.8.0.3
Could be wrong
Re: Routing Specific IP over OpenVPN
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
Re: Routing Specific IP over OpenVPN
"# Push routes to the client to allow it"
I guess this refers to the openvpn client? In my case that is 192.168.5.1.
Code:
root@tpwifi:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         xx.xx.xx.xx     0.0.0.0         UG    0      0        0 eth0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun0
192.168.2.0     10.8.0.1        255.255.255.0   UG    0      0        0 tun0
192.168.5.0     *               255.255.255.0   U     0      0        0 br-lan
root@tpwifi:~#
Also when I add a "push" in server.conf I do not see any effect in the client's route table.
Routes in the server look like this.
Code:
root@BixelRouter:/etc/openvpn# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         xx.xx.xx.xx     0.0.0.0         UG    0      0        0 eth1
10.8.0.0        *               255.255.255.0   U     0      0        0 tun0
66.175.212.222  10.8.0.2        255.255.255.255 UGH   0      0        0 tun0
192.168.2.0     *               255.255.255.0   U     0      0        0 br-lan
192.168.5.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
Linksys WRT1900ACv2
Netgear WNDR3700v2
TP Link 1043ND v3
TP-Link TL-WDR3600 v1
Buffalo WZR-HP-G300NH2
WRT54G-TM
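Added example (not part of the thread and not any poster's code): in multi-client server mode with dev tun, a kernel route into tun0 such as the 66.175.212.222 entry above is not enough, because OpenVPN forwards a packet to a client only when a client-config-dir file carries an iroute for that destination. The script lists server.conf route lines that have no matching iroute. The sample configs, the ccd file name router1 and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example (constructed; not from the thread).
# In server mode with dev tun, a "route" line only adds a kernel route into
# tun0. OpenVPN itself picks the client from "iroute" lines in the
# client-config-dir files, and drops packets for destinations no client owns.

# missing_iroutes SERVER_CONF CCD_DIR
# Prints "NET MASK" for each server.conf route with no identical iroute.
# Exact matches only: a wider iroute that merely covers the route is not detected.
missing_iroutes() {
    conf=$1
    ccd=$2
    # "iroute NET [MASK]" from every ccd file; the mask defaults to a host route.
    have=$(cat "$ccd"/* 2>/dev/null |
        awk '$1 == "iroute" { print $2, ($3 == "" ? "255.255.255.255" : $3) }')
    # "route NET [MASK] [GW]" from the server config, same default mask.
    awk '$1 == "route" { print $2, ($3 == "" ? "255.255.255.255" : $3) }' "$conf" |
    while read -r net mask; do
        printf '%s\n' "$have" | grep -qxF "$net $mask" || echo "$net $mask"
    done
}

# Constructed sample: LAN route has an iroute, the single public IP does not.
demo() {
    d=$(mktemp -d)
    mkdir "$d/ccd"
    cat > "$d/server.conf" <<'EOF'
mode server
dev tun
topology subnet
client-config-dir /etc/openvpn/ccd
push "route-gateway 10.8.0.1"
route 192.168.5.0 255.255.255.0 10.8.0.2
route 66.175.212.222 255.255.255.255 10.8.0.2
EOF
    # ccd file name "router1" is hypothetical; it must equal the client cert CN.
    cat > "$d/ccd/router1" <<'EOF'
ifconfig-push 10.8.0.2 255.255.255.0
iroute 192.168.5.0 255.255.255.0
EOF
    missing_iroutes "$d/server.conf" "$d/ccd"
    rm -rf "$d"
}

demo   # prints: 66.175.212.222 255.255.255.255
```

On a router this would be run as missing_iroutes /etc/openvpn/server.conf /etc/openvpn/ccd (paths as in the server config posted earlier in the thread). The client that receives the traffic still has to forward and masquerade it out of its WAN interface for replies to return.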