OpenVPN Server Config Cheatsheet
Change Topology For Windows Clients
The default topology is p2p. If you want Windows clients to be able to connect, you have to change this to subnet. Do this by adding the following line to your server.conf:
topology subnet
For example, in the context of the sample config:
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.16.0 255.255.0.0"
;push "route 192.168.20.0 255.255.255.0"
topology subnet
Allow Multiple Clients Using Same Certificate
Uncomment the line:
;duplicate-cn
... by changing it to:
duplicate-cn
Route Only Certain Destination IPs Through The VPN
The default configuration routes all of the client's traffic through the VPN. If you would prefer that only certain addresses go through the VPN, while general internet traffic takes the client's normal route, do the following.
- Comment out the push "redirect-gateway def1 bypass-dhcp" line in the configuration, so it looks like this:
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
#push "redirect-gateway def1 bypass-dhcp"
- Add push "route ..." lines for the routes that you want to go through the VPN, like below:
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 192.168.5.0 255.255.255.0"
push "route 192.168.4.0 255.255.255.0"
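As an added example (not part of the original cheatsheet), a small Python checker that reads a server.conf and reports the three settings covered above: the topology, whether duplicate-cn is active, and whether the server pushes a full redirect-gateway or only specific routes. The sample config embedded in it is constructed to match the edits described on this page; the route parsing also validates the dotted netmask with the ipaddress module.

```python
import ipaddress
import shlex
from dataclasses import dataclass, field

# Constructed sample server.conf reflecting the edits described above (not a real deployment).
SAMPLE_CONF = """\
;duplicate-cn
topology subnet
#push "redirect-gateway def1 bypass-dhcp"
push "route 192.168.5.0 255.255.255.0"
push "route 192.168.4.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
"""

@dataclass
class RoutingSummary:
    topology: str = ""               # value of 'topology', empty if the directive is absent
    duplicate_cn: bool = False       # True only when 'duplicate-cn' is active (not ';'-commented)
    redirect_gateway: bool = False   # True when a push "redirect-gateway ..." line is active
    routes: list = field(default_factory=list)  # pushed routes, normalised to CIDR

def parse_server_conf(text: str) -> RoutingSummary:
    """Parse the directives this cheatsheet covers; '#' and ';' both start comment lines."""
    summary = RoutingSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                           # commented-out directives are inactive
        tokens = shlex.split(line)             # keeps the quoted push "..." argument together
        if tokens[0] == "topology" and len(tokens) > 1:
            summary.topology = tokens[1]
        elif tokens[0] == "duplicate-cn":
            summary.duplicate_cn = True
        elif tokens[0] == "push" and len(tokens) > 1:
            pushed = tokens[1].split()         # e.g. ['route', '192.168.5.0', '255.255.255.0']
            if pushed[0] == "redirect-gateway":
                summary.redirect_gateway = True
            elif pushed[0] == "route" and len(pushed) >= 3:
                # ip_network validates the dotted mask; strict=False tolerates host bits set
                net = ipaddress.ip_network(f"{pushed[1]}/{pushed[2]}", strict=False)
                summary.routes.append(str(net))
    return summary

def windows_ready(summary: RoutingSummary) -> bool:
    """Per the cheatsheet, Windows clients need 'topology subnet'."""
    return summary.topology == "subnet"

def split_tunnel(summary: RoutingSummary) -> bool:
    """True when no redirect-gateway is pushed and only the listed routes go through the VPN."""
    return not summary.redirect_gateway and bool(summary.routes)
```

Run parse_server_conf on your own server.conf text to confirm which of the page's three changes are actually in effect.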
First published: 12th March 2020