Openvpn windows client route all traffic




















You can't really block those unless you want to block all parameters and I would not advise that. Or you could like just remove those rules from your configuration on the access server I guess, and then manually implement it.

Maybe this was a misunderstanding, I don't want to block private subnets on the server-side. I want the possibility that the client can choose whether to route all the traffic through VPN or just related traffic to server-side private subnets.

The goal is to have the possibility to browse the internet from the client side through the VPN if needed. But the default behavior should be to route just traffic to server-side private subnets. The server-side private subnets must be always reachable. I think the last post clarifies what I want: The goal is to have the possibility to browse the internet from the client side through the VPN if needed. I am wondering why this configuration seems so unusual.

Asked 11 years, 10 months ago. Active 8 years, 5 months ago.

Viewed 35k times. Jared Harley, Filip Ekberg.

Set the VPN interface as your default gateway, making sure it's up. Good luck! For Windows you want to do this on a command line: route add 0.

While this answer does provide information about adding routes in Windows in general, it's far inferior to Eric's answer given the OpenVPN context.

On Windows Vista and subsequent, it is often necessary to tell OpenVPN:

    route-method exe
    route-delay 2

Otherwise the routes cannot be set. Then I recommend not to change your routes manually but to use the OpenVPN dedicated setting:

    redirect-gateway def1

There is a big difference between the two: your route interferes with the default one and when your local DHCP renews your lease or something, it might restore the original default route and mess things up.

Eric Darchis

However, it is also useful to have the opportunity to transfer the whole traffic to the mk-gateway.

Therefore the client will make the decision of what routes will be redirected to the mk-gateway. In other words OpenVPN will route complete or selective traffic to a client. The server configuration file is as simple as possible. Note the client-config-dir directive. It provides the flexibility to add specific configurations to the clients. We configure the mk-gateway here. In order to make mk-gateway route any specific traffic, we use the iroute directive.

Good news is that instead of using one general route, we can set routes from 1. We also like a static IP for the mk-gateway:. Initially I configured the gateway to run on a Windows 7 machine. Since this machine will be forwarding packets, the OS must be configured to enable forwarding. With a decent router having OpenVPN support, one can bypass the need for an extra computer.

The above creates a connection to the OpenVPN server ch-server as soon as the router is rebooted. Before rebooting, packet forwarding within the router must be enabled. The client, astojanov-mac, runs Mac OS X.

Note the redirect-gateway def1 directive. This directive forces the client to change its default gateway and redirect it to the OpenVPN server.
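Why redirect-gateway def1 holds up better than a hand-set default route, as an added example that is not from the original posts or from OpenVPN itself: def1 leaves the existing 0.0.0.0/0 entry alone and adds 0.0.0.0/1 and 128.0.0.0/1 via the VPN, which win by longest-prefix match. The addresses, metrics and the dhcp_renew model of a lease renewal are constructed assumptions.

```python
import ipaddress

# Constructed sample addresses (assumptions, not values from the page).
LAN_GW, VPN_GW, VPN_SERVER = "192.168.1.1", "10.8.0.1", "203.0.113.10"

def base_table():
    """Routing table before the VPN starts: (prefix, next hop, metric)."""
    return [("0.0.0.0/0", LAN_GW, 25), ("192.168.1.0/24", "on-link", 25)]

def with_def1(table):
    """Routes added by redirect-gateway def1; the LAN default stays in place."""
    return table + [
        (VPN_SERVER + "/32", LAN_GW, 1),  # tunnel's own packets bypass the tunnel
        ("0.0.0.0/1", VPN_GW, 1),         # lower half of IPv4 space
        ("128.0.0.0/1", VPN_GW, 1),       # upper half of IPv4 space
    ]

def with_manual_default(table):
    """Manual approach: swap the 0.0.0.0/0 entry to point at the VPN."""
    kept = [r for r in table if r[0] != "0.0.0.0/0"]
    return kept + [(VPN_SERVER + "/32", LAN_GW, 1), ("0.0.0.0/0", VPN_GW, 1)]

def dhcp_renew(table):
    """Model of a lease renewal re-installing the LAN default route."""
    kept = [r for r in table if r[0] != "0.0.0.0/0"]
    return kept + [("0.0.0.0/0", LAN_GW, 25)]

def next_hop(table, dst):
    """Longest-prefix match, lowest metric as tie-break."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r[0])]
    best = max(hits, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[2]))
    return best[1]

if __name__ == "__main__":
    for name, build in (("def1", with_def1), ("manual", with_manual_default)):
        table = dhcp_renew(build(base_table()))
        for dst in ("8.8.8.8", "198.51.100.7", VPN_SERVER, "192.168.1.50"):
            print(f"{name:7} after DHCP renew: {dst:15} -> {next_hop(table, dst)}")
```

After the simulated renewal the manual table sends internet traffic out through the LAN gateway again, outside the tunnel, while the def1 table still sends it to the VPN gateway.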

Since the mk-gateway takes all the routes from 1. For this scenario, I use most of the previous settings for redirecting the whole traffic and Tunnelblick, with a modified config.

In order to perform selective routing, instead of redirecting the gateway, we need to rewrite the routing rules to the specific selective traffic that we are planning to redirect. I personally wanted a scenario where all Macedonian web sites hosted in Macedonia will be redirected through the mk-gateway.


