How can I configure an OpenVPN server without pushing a default gateway?

I need to configure my OpenVPN server to provide some LAN resources, but I don't want to route all traffic for my clients.

Here is my sample network description: My LAN is 192.168.1.0/24. The OpenVPN network is 192.168.100.0/24. I added push route 192.168.1.0 255.255.255.0 to my server-side configuration. I would like to allow my clients to access 192.168.1.0/24, but not route other traffic.

How can I do this from server side configuration? Is client side configuration the only way to do this?


Solution 1:

Simply do not add the redirect-gateway in the client or server configuration and the default gateway will not be changed.

Solution 2:

This is a client setting.

For Linux clients, in NetworkManager: Edit Connections -> VPN -> (select the vpn configuration you would like to edit) -> Edit -> IPv4/IPv6 -> Routes -> Check the box that says "Use this connection only for resources on its network"

Solution 3:

route-nopull in the .ovpn file, or --route-nopull on the command line.

You'll then have to set up the routes yourself, of course.

Solution 4:

Because I have IPv4 and IPv6, if I don't want OpenVPN to set my default gw, I had to add the following lines to my client configuration, and I had to add the IPv6 routes manually:

pull-filter ignore "route-gateway"
route-nopull

If I don't want all the IPv4 traffic necessarily going through my OpenVPN interface, I had to add only the following line:

pull-filter ignore "route-gateway"

The line above makes my traffic to hosts supporting IPv4 and IPv6 go through my OpenVPN connection, while my traffic to hosts with only IPv4 goes through my wireless interface.

My original client configuration before playing was:

client
dev tun
proto udp
remote ovpn.myserver.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3

Regards,
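
An added example, not part of any of the answers above: a small Python check that reads a server and a client configuration and reports whether the client's default gateway would be redirected and which routes it would install. It models only `push`, `route`, `redirect-gateway`, `route-nopull` and `pull-filter` (prefix match, first match wins, as described in the OpenVPN manual); the sample configurations are constructed from the networks in the question, and routes are assumed to be written as dotted-quad network and netmask.

```python
import ipaddress
import shlex

ROUTING = ("route", "redirect-gateway")

def directives(text):
    """Yield (name, args) for each directive; blank and '#'/';' comment lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            tokens = shlex.split(line, comments=True)
            if tokens:
                yield tokens[0].lstrip("-"), tokens[1:]

def effective_routing(server_conf, client_conf):
    """Simplified model of the routing options a client ends up applying."""
    pushed = [a[0] for n, a in directives(server_conf) if n == "push" and a]
    client = list(directives(client_conf))
    filters = [(a[0], a[1]) for n, a in client if n == "pull-filter" and len(a) == 2]
    nopull = any(n == "route-nopull" for n, _ in client)
    applied = [" ".join([n] + a) for n, a in client]  # local options always apply
    for opt in pushed:
        # pull-filter: the first filter whose text is a prefix of the option decides
        action = next((act for act, txt in filters if opt.startswith(txt)), "accept")
        words = opt.split()
        # route-nopull: pushed routes and redirect-gateway are not applied
        if words and action == "accept" and not (nopull and words[0] in ROUTING):
            applied.append(opt)
    redirected, routes = False, []
    for words in (opt.split() for opt in applied):
        if words[0] == "redirect-gateway":
            redirected = True
        elif words[0] == "route" and len(words) >= 2:
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            net = ipaddress.ip_network(f"{words[1]}/{mask}", strict=False)
            redirected = redirected or net.prefixlen == 0  # explicit default route
            routes.append(str(net))
    return {"default_gateway_redirected": redirected, "routes": routes}

# Constructed sample configurations (networks taken from the question).
SERVER = '''
server 192.168.100.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
'''
FULL_TUNNEL = SERVER + 'push "redirect-gateway def1"\n'
CLIENT = "client\ndev tun\nproto udp\nremote ovpn.myserver.com 1194\n"

if __name__ == "__main__":
    print(effective_routing(SERVER, CLIENT))
    print(effective_routing(FULL_TUNNEL, CLIENT + "route-nopull\n"))
```
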