How to disable routes for remote networks in OpenVPN tunnels

Overview

OpenVPN publishes routes for the Remote Networks defined for each VPN tunnel in the OpenVPN server tab. This creates a star network topology that allows remote access into any of those networks via the OpenVPN server. In some cases you may prefer to restrict access to these remote networks. Doing so requires custom parameters defined in the advanced client configuration.

Note: The following configuration also overrides the "Exported Networks" setting.

Configuration

  1. In the OpenVPN app, go to Advanced.
  2. In Client Configuration, click Add to configure the following:
    • route-nopull - Instructs the client to ignore routes published by the server.
    • route - The IP route for each subnet that you want to send over the VPN tunnel. The format is the subnet followed by the mask (e.g. 192.168.100.0 255.255.255.0).
  3. For each subnet, add a new line using the "route" option.
  4. Click Save.


Note: For new VPN profiles, this setting is added to the profile. For existing VPN profiles, you must re-download the configuration and re-import it into the remote client.
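
To confirm that a re-downloaded profile actually carries these settings before it is handed to a remote client, the profile text can be audited. The following is an added example, not part of the original article or the product: the function name audit_profile, the sample profile and the host vpn.example.com are constructed for illustration.

```python
import ipaddress

# Constructed sample profile (not taken from a real deployment).
SAMPLE_PROFILE = """\
client
dev tun
remote vpn.example.com 1194
route-nopull
route 192.168.100.0 255.255.255.0
route 10.20.0.0 255.255.0.0
"""

def audit_profile(text, allowed):
    """Return (networks, problems) for an OpenVPN client profile.

    allowed: iterable of CIDR strings the client may route over the tunnel.
    """
    allowed_nets = {ipaddress.ip_network(a) for a in allowed}
    nopull, networks, problems = False, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0][0] in "#;":   # blank line or comment
            continue
        if fields[0] == "route-nopull":
            nopull = True
        elif fields[0] == "route":
            # The article's format: subnet followed by mask.
            if len(fields) < 3:
                problems.append(f"line {lineno}: route needs subnet and mask")
                continue
            try:
                # Rejects invalid masks and addresses with host bits set.
                net = ipaddress.ip_network(f"{fields[1]}/{fields[2]}")
            except ValueError as exc:
                problems.append(f"line {lineno}: bad route ({exc})")
                continue
            networks.append(net)
            if net not in allowed_nets:
                problems.append(f"line {lineno}: unexpected route {net}")
    if not nopull:
        problems.append("route-nopull missing: server routes are accepted")
    return networks, problems

if __name__ == "__main__":
    nets, issues = audit_profile(SAMPLE_PROFILE,
                                 ["192.168.100.0/24", "10.20.0.0/16"])
    print("routes:", [str(n) for n in nets])
    print("problems:", issues or "none")
```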
