Remove redirect-gateway def1 in your OpenVPN server config file (server.conf). In the client config (client.ovpn or client.conf), add a line similar to: route 12.12.12.0 255.255.255.0 vpn_gateway This routes the 12.12.12.0 subnet through the VPN connection and everything else out of the non-VPN connection.

Consider VPN network as private and assign VPN interface to LAN zone to minimize firewall setup. Allow access to VPN server from WAN zone. # Configure firewall uci rename firewall. @ zone [0] = "lan" uci rename firewall. @ zone [1] = "wan" uci rename firewall. @ forwarding [0] = "lan_wan" uci del_list firewall.lan.device= " ${OVPN_DEV} " uci add_list firewall.lan.device= " ${OVPN_DEV} " uci -q So, at the end there is two things extra that I needed to end up with a working openvpn with fully "redirect-gateway" I have to create the tun/tap device and add the iptable rule, every time the system starts. See the openvpn docs; using static keys adds 4 lines per VM to the above total (generate key, scp it to client, add one line to .conf files). OpenVPN doesn't support broadcast. Maybe that breaks some Windows things. The redirect-gateway in the client config reroutes all traffic through the VPN tunnel. cd /etc/openvpn sed -i 's|tls-client|tls-client pull-filter ignore "redirect-gateway"|' client-template.txt Creating OpenVPN Client Templates In order to assign different private IP addresses to each of your OpenVPN client machines, you’ll need to create a separate client template for each computer.

Get Started with OpenVPN Connect. OpenVPN Connect is the free and full-featured VPN Client that is developed in-house. It is the official Client for all our VPN solutions. Any other OpenVPN protocol compatible Server will work with it too. Our desktop client software is directly distributed from our Access Server User portal.

# If redirect-gateway is enabled, the client will redirect it's # default network gateway through the VPN. # It means the VPN connection will firstly connect to the VPN Server # and then to the Internet. # (Please refer to the manual of OpenVPN for more information.) redirect-gateway def1 redirect-gateway ipv6 Jan 16, 2014 · It allows Tun interfaces and the following extra user-added options: fragment, tun-mtu, redirect-gateway, explicit-exit-notify, route-delay, and route-method. It adds an option "Import configuration file" to the import window. It has code cleanup and indentation fixes. It adds "redirect-gateway def1" when importing configurations. The only think i changed in the OpenVPN-as web ui was to set my hostname in the Network Settings, and add my subnet (192.168.1.0/24) to the 'Private Subnet to which all clients should be given access' section in VPN Settings.

Note: By the time of editing, in 2.2.4-RELEASE version of pfSense the only way to route traffic through OpenVPN client seems to be "redirect-gateway def1" advanced option, which redirects absolutely all traffic and pfSense default gateway becomes the same thing with OpenVPN client's gateway and not the ISP's one. There is a way to still route

Mar 01, 2017 · For my Windows using colleagues however, it’s not quite so simple. They must edit their OpenVPN config file and manual add the following line to the end, before restarting their VPN connection. redirect-gateway def1 This file is often just called client.ovpn. Many Internet users possess an Internet connection at home that can be used to host an OpenVPN server. Once servers and clients are correctly configured, all they have to do is to activate the OpenVPN client with redirect-gateway def1 somewhere in the configuration to secure all traffic from eavesdroppers and other malicious parties. To ignore redirect-gateway you can: pull-filter ignore redirect-gateway These commands are added to your client config file. Likewise you can use the keyword reject which tells the VPN server it wasn't accepted. Not sure the use of this. And finally, you can filter other config options too.