Programster's Blog

Tutorials focusing on Linux, programming, and open-source

OpenVPN Server Config Cheatsheet

Change Topology For Windows Clients

The default topology is p2p. If you want to allow Windows clients to be able to connect, you have to change this to subnet. Do this by adding the following line to your server.conf

topology subnet

e.g.

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.16.0 255.255.0.0"
;push "route 192.168.20.0 255.255.255.0"
topology subnet

Allow Multiple Clients Using Same Certificate

Uncomment the line:

;duplicate-cn

... by changing it to:

duplicate-cn

Route Only Certain Destination IPs Through The VPN

The default configuration will have all of the client's traffic route through the VPN. If you would prefer that only certain addresses went through the VPN, and the general internet traffic didn't then do the following.

  1. comment out the line push "redirect-gateway def1 bypass-dhcp" in the configuration.
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
#push "redirect-gateway def1 bypass-dhcp"
  1. Add push "route ..." lines for the the routes that you want to go through the VPN like below:
# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 192.168.5.0 255.255.255.0"
push "route 192.168.4.0 255.255.255.0"

The example above will route all traffic trying to go to 192.168.4.x and 192.168.5.x through the VPN, and all other traffic to not.

References

Last updated: 17th January 2021
First published: 12th March 2020

This blog is created by Stuart Page

I'm a freelance web developer and technology consultant based in Surrey, UK, with over 10 years experience in web development, DevOps, Linux Administration, and IT solutions.

Need support with your infrastructure or web services?

Get in touch