Using OpenVPN to route a specific subnet to the VPN

I have an OpenVPN server that has the push "redirect-gateway" directive. This directive changes the default gateway of the client to be the OpenVPN server. What I wanted, though, was to connect to the VPN and access only a specific subnet (e.g. 100.200.100.0/24) through it without changing the server config (other people use it as a default gateway).

In the client config I removed the client directive and replaced it with these commands:
tls-client
ifconfig 172.18.0.6 172.18.0.5
route 172.18.0.0 255.255.255.0
route 100.200.100.0 255.255.255.0

What the previous lines do:
tls-client: Acts as a client! (“client” is an alias for “tls-client” + “pull” … but I don’t like what the pull did: it changed my default route)
ifconfig 172.18.0.6 172.18.0.5: The tun0 interface will have IP 172.18.0.6 on our side and 172.18.0.5 on the server side. The IPs are not random, they are the ones OpenVPN used to assign to me while I was using the “client” directive.
route 172.18.0.0 255.255.255.0: Route all packets for 172.18.0.0/24 over the tun0 interface. In order to access services running on the OpenVPN server (172.18.0.1) I needed a route to them.
route 100.200.100.0 255.255.255.0: Route all packets for 100.200.100.0/24 over the tun0 interface.

A traceroute to 100.200.100.1 now shows that I am accessing that subnet through the VPN.
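
Besides traceroute, the client's routing table can be checked directly. The following is an added example, not part of the original post: it does a longest-prefix match over `ip route show` output to confirm that only the two subnets leave through tun0 and that the default route was not replaced. The route tables are constructed samples; eth0 and the 192.168.1.0/24 LAN are assumptions.

```python
import ipaddress

# Constructed `ip route show` output for the client config above. eth0 and the
# 192.168.1.0/24 LAN are assumptions; the tun0 addresses come from the post.
SPLIT_ROUTES = """\
default via 192.168.1.1 dev eth0
100.200.100.0/24 via 172.18.0.5 dev tun0
172.18.0.0/24 via 172.18.0.5 dev tun0
172.18.0.5 dev tun0 proto kernel scope link src 172.18.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
"""

# Constructed table for the case where the pushed redirect-gateway was applied.
REDIRECTED_ROUTES = """\
default via 172.18.0.5 dev tun0
172.18.0.5 dev tun0 proto kernel scope link src 172.18.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
"""

def parse_routes(text):
    """Return (network, device) pairs from `ip route show` text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue  # blank lines and routes without a device (e.g. blackhole)
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # first field is a route type, not a prefix
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_device(routes, address):
    """Device chosen by longest-prefix match (metrics ignored: simplification)."""
    ip = ipaddress.ip_address(address)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches)[1] if matches else None

def split_tunnel_ok(route_text, vpn_dev="tun0"):
    """True if both VPN subnets use vpn_dev and other traffic does not."""
    routes = parse_routes(route_text)
    via_vpn = all(egress_device(routes, a) == vpn_dev
                  for a in ("100.200.100.1", "172.18.0.1"))
    # 198.51.100.7 is a documentation address standing in for "everything else".
    return via_vpn and egress_device(routes, "198.51.100.7") != vpn_dev
```

On a live client, pass the output of `ip route show` to `split_tunnel_ok` instead of the sample strings.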

5 Responses to “Using OpenVPN to route a specific subnet to the VPN”

  1. March 25th, 2010 | 13:41

    […] Excerpt from: Using OpenVPN to route a specific subnet to the VPN | Into.the.Void. […]

  2. Toni
    March 25th, 2010 | 14:21

    What about the case where the IPs obtained are not consistent, neither
    for the client (172.18.0.6) nor for the server (172.18.0.5)?

  3. March 26th, 2010 | 19:22

    […] This post was mentioned on Twitter by George K.. George K. said: Using OpenVPN to route a specific subnet to the VPN http://ff.im/-i5gSW […]

  4. April 14th, 2010 | 19:22

    […] Using OpenVPN to route a specific subnet to the VPN | Into.the.Void. […]

  5. Teq
    December 23rd, 2013 | 13:45

    Hi,

    just a short notice, as I stumbled upon this:
    If you leave “client” and put “route-nopull” in addition (at least when using a tap device), then you are fine already and do not need to put specific IP addresses.
