I am attempting to use the OpenVPN Access server to create a split-tunnel where some specific /32 addresses go through the tunnel, including our internal subnet.

Currently when connected to the VPN, all internal services are accessible and work as expected. DNS is properly being returned through our internal DNS servers, but routing to external hosts fails.

I'm using two external IP-check type websites to verify the origin of traffic, and it seems that the one that isn't in the split-tunnel config works fine (internet accessible on the client) but the one that is configured to be sent via the tunnel is failing to connect. Ping has no response, but DNS does resolve the IP.

So when using the OpenVPN Access Server, not only does one need to configure the client to receive the pushed routes, it's also necessary to specify which networks will be behind the OpenVPN NAT.

After adding all of the routes here:

Specify the private subnets to which all clients should be given access (as 'network/netmask_bits', one per line):

And then configuring the server directives under Advanced VPN with the following:

push "route w.x.y.z 255.255.255.255 vpn_gateway"

It finally worked.

Apparently if you don't specify that you want the networks to route behind NAT, it assumes they should be routed normally.
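As an added check (example code, not part of the answer above), this script compares the routes pushed via the Advanced VPN server directives against the "private subnets" list the Access Server will NAT, and reports any pushed route that was left out of the NAT list; the directives and addresses below are constructed samples.

```python
# Added example: find pushed routes that are not covered by the Access Server
# NAT subnet list (the mismatch the answer describes). Not OpenVPN's own code.
import ipaddress
import re

# Matches: push "route <ip> <netmask> [gateway]"  (quotes optional)
PUSH_ROUTE_RE = re.compile(r'^\s*push\s+"?route\s+(\S+)\s+(\S+)(?:\s+(\S+))?"?\s*$')

# Constructed sample of the server directives (TEST-NET addresses).
SAMPLE_DIRECTIVES = """
push "route 10.10.0.0 255.255.0.0 vpn_gateway"
push "route 198.51.100.7 255.255.255.255 vpn_gateway"
push "route 203.0.113.9 255.255.255.255 vpn_gateway"
"""

# Constructed sample of the "private subnets" setting (network/netmask_bits,
# one per line); 203.0.113.9/32 was deliberately left out.
SAMPLE_NAT_SUBNETS = """
10.10.0.0/16
198.51.100.7/32
"""

def parse_pushed_routes(server_directives: str):
    """Return the networks from push "route <ip> <mask> [gateway]" lines."""
    routes = []
    for line in server_directives.splitlines():
        m = PUSH_ROUTE_RE.match(line)
        if m:
            ip, mask = m.group(1), m.group(2)
            routes.append(ipaddress.ip_network(f"{ip}/{mask}", strict=False))
    return routes

def parse_nat_subnets(subnet_lines: str):
    """Return the networks listed one per line in the private-subnets setting."""
    return [ipaddress.ip_network(l.strip(), strict=False)
            for l in subnet_lines.splitlines() if l.strip()]

def routes_missing_nat(server_directives: str, subnet_lines: str):
    """Pushed routes not contained in any NAT subnet; these go out un-NATed."""
    nat = parse_nat_subnets(subnet_lines)
    return [str(r) for r in parse_pushed_routes(server_directives)
            if not any(r.version == n.version and r.subnet_of(n) for n in nat)]

if __name__ == "__main__":
    for missing in routes_missing_nat(SAMPLE_DIRECTIVES, SAMPLE_NAT_SUBNETS):
        print(f"pushed route {missing} is not in the NAT subnet list")
```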
