OpenVPN make redirect-gateway optional

I'm currently running an OpenVPN server for multiple clients. All traffic is directed through the VPN (it's set up as gateway; push "redirect-gateway def1").

So far, all is working fine. However, I'd like to connect a couple of servers to this virtual private network, without these servers using the OVPN daemon as gateway.

These servers have to be accessible from both their WAN as well as their LAN IP address. Certain services will be accessible only from the LAN side.

Is there any way, for a client, to ignore the push redirect-gateway option?

Kind regards, Tuinslak


Just add "route-nopull" to the client openvpn config, then all pushed commands from the server are ignored. To get access to the local net, you must now add e.g. "route 192.168.5.0 255.255.255.0" to the client openvpn config, if the local net you want to connect to is 192.168.5.0/24.


If 'redirect-gateway' is required for some but not all clients, then add a 'client-config-dir' option, e.g.

  client-config-dir /etc/openvpn/clients

and inside that directory put files for each client CN, e.g. file Client1 would contain

  push-reset

That way the servers don't get the 'redirect-gateway' pushed by default.

HTH
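
The per-client exemption described in this answer, as an added example that is not part of the original post: a POSIX shell helper that writes the `client-config-dir` file for a server's CN. Because `push-reset` makes that client ignore the whole global push list, routes the server still needs are pushed again from the same file; `write_ccd`, `gets_redirect` and the sample route are hypothetical names and values.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# write_ccd DIR CN [ROUTE ...]
# Creates DIR/CN so that client CN does not inherit the server's global
# push list (including redirect-gateway) and receives only the listed
# routes. Each ROUTE is one argument of the form "network netmask".
write_ccd() {
    [ "$#" -ge 2 ] || { echo "usage: write_ccd DIR CN [ROUTE ...]" >&2; return 2; }
    ccd_dir=$1; cn=$2; shift 2

    # The CN is used as a file name, so accept only a conservative set of
    # characters and never an empty name, a leading dot or a path separator.
    case $cn in
        ''|.*|*[!A-Za-z0-9._@-]*)
            echo "write_ccd: refusing CN '$cn'" >&2; return 1 ;;
    esac

    mkdir -p "$ccd_dir" || return 1
    {
        echo 'push-reset'
        for route in "$@"; do
            # push-reset also dropped the globally pushed routes, so re-push
            # whatever this machine still has to reach over the tunnel.
            printf 'push "route %s"\n' "$route"
        done
    } > "$ccd_dir/$cn"
}

# gets_redirect DIR CN
# Exit status 0 if CN would still receive the global redirect-gateway push,
# i.e. it has no per-client file or the file lacks push-reset.
gets_redirect() {
    [ -f "$1/$2" ] || return 0
    ! grep -qx 'push-reset' "$1/$2"
}

# Typical call, using the directory and client name from the answer:
#   write_ccd /etc/openvpn/clients Client1 "192.168.5.0 255.255.255.0"
```

The file name must match the certificate CN exactly, including case, or the server falls back to the global push list for that client.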


Just replace the default gateway in the --up script and you are all set. You don't even have to do anything in --down (I think) or just set it to up.sh as well.

in client.conf

script-security 2
up up.sh

in up.sh (chmod +x)

#!/bin/bash
# Point the default route back at the client's own gateway
/sbin/ip route replace default via 1.2.3.4

where 1.2.3.4 is your client's default gateway