How to disable routing all traffic (including web-traffic) through the VPN in client's .ovpn config file?

networking ubuntu vpn openvpn ubuntu-14.04
30,050

Answer 1

In the OpenVPN client file client.ovpn find and comment out this line if it exists:

redirect-gateway
# This is a comment so change line above to this
# redirect-gateway

If the admin or server hasn't put this in the client file or is "pushing" redirect-gateway, you can manually override it following these instructions: IgnoreRedirectGateway.

To help determime how best to proceed, do the following. First reset everything to how things were before vpn (e.g. reboot). Then check you can access local network. Then run:

sudo ip route

This will show current default gateway - make a note of this, we'll call it original. Then run vpn client as normal sudo openvpn config.opvn. Once connection established, run sudo ip route. You should see default gateway has changed, hence everything is being routed through VPN.

Next kill openvpn and run sudo ip route again to check settings have been restored. Then run client with --route-nopull option as it:

--route-nopull for routes and dhcp options like DNS servers. When used on the client, this option effectively bars the server from adding routes to the client's routing table, however note that this option still allows the server to set the TCP/IP properties of the client's TUN/TAP interface.

Finally check using sudo ip route that the default gateway is the same as the original (as that's what the command does). You should in theory have local net access and a vpn interface.

Method 2 essentially accepts the full VPN config but then allows you to manually specify the gateway address.

Answer 2

Have you tried this already? Ubuntu Handbook

Share:
30,050
dKab
Author by

dKab

Updated on September 18, 2022

Comments

  • dKab
    dKab over 1 year

    In order to connect to corporate network I've got these four files

    • ca.crt
    • client.ovpn
    • client.key
    • client.crt

    I couldn't create VPN connection via Ubuntu GUI, but I managed to get it work from command line by cd into folder with these files and sudo openvpn --config client.ovpn. It connects me to network but I can't access any other host outside the network. After a lot of f googling it seems that because routing of all my traffic (including web-traffic) through the VPN is enabled. On forums people suggest to check the checkbox Use this connection only for resources on its network in VPN editing window. But since I couldn't create connection via GUI - I don't have it in the list of connections and hence I can't edit it anyhow via GUI. But maybe I can add something into my client.ovpn config file to solve this?

  • dKab
    dKab about 9 years
    I don't have this line in my client.ovpn, so I tried to run sudo openvpn --route-noexec --config client.ovpn and sudo openvpn --route-nopull --config client.ovpn. After both these commands I couldn't reach nor inner network resources nor outer Internet ones. And moreover now when I run sudo openvpn --config client.ovpn I can't connect to anything at all. What have I done?
  • fswings
    fswings about 9 years
    When you closed or killed the openvpn client it should've restored your default gateway (i.e. it should behave as it did before running the program). Do the following, restart PC and check if you can access the internet etc. There should be no permanent effects if running from command line.
  • fswings
    fswings about 9 years
    You need to check that in between running openvpn, the system restored your original network config.
  • dKab
    dKab about 9 years
    I'm afraid I already tried rebooting and it didn't help.
  • fswings
    fswings about 9 years
    Is the VPN still running?
  • dKab
    dKab about 9 years
    couldn't follow steps shown in Ubuntu Handbook (you can actually see my comment on that matter it's the latest comment so far - Dmitriy May 15, 2015 at 6:34 am )
  • fswings
    fswings about 9 years
    Please post output of sudo ifconfig sudo ip route
  • dKab
    dKab about 9 years
    No, it isn't. When I try to connect to it, I loose internet connection.
  • dKab
    dKab about 9 years
    sudo: ipconfig: command not found
  • fswings
    fswings about 9 years
    On Linux it's sudo ifconfig and NOT IP
  • dKab
    dKab about 9 years
    and output of sudo ip route: default via 192.168.0.1 dev wlan0 proto static 192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.96 metric 9
  • dKab
    dKab about 9 years
  • fswings
    fswings about 9 years
    It's best to add these details to your question otherwise it makes it tricky to see it in the comments.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Multiple OpenVPN connections from one client to one server - connection reset
OpenVPN on Ubuntu 11.10 - unable to redirect default gateway
Strange OpenVPN behavior - disconnects after one minute
Limit/Throttle per user OpenVPN bandwidth using TC
Route everything through VPN except SSH on Port 22
Send all OpenVPN traffic through proxy or TOR proxy?
OpenVPN setup with PIA - Connects but no internet
AEAD Decrypt error: bad packet ID on openvpn using UDP
How to auto(re)connect to openvpn connection?
Ubuntu 17.10 - OpenVPN TAP - Help