Score:0

Not allow all traffic through openvpn


I have installed the OpenVPN server on my Ubuntu 22.04. When I connect to my OpenVPN server, all traffic starts going through it; however, I don't want that.

My server.conf is the following:

    port 1194
    ;proto tcp
    proto udp
    dev tun
    ca keys/ca.crt
    cert keys/server.crt
    key keys/server.key
    dh none
    topology subnet
    ifconfig-pool-persist ipp.txt
    server 10.8.0.0 255.255.255.0
    crl-verify keys/crl.pem
    ;push "route 192.168.10.0 255.255.255.0"
    ;push "route 192.168.20.0 255.255.255.0"
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    keepalive 10 120
    ;tls-auth ta.key 0 # This file is secret
    tls-crypt keys/ta.key
    cipher BF-CBC        # Blowfish (default)
    ;cipher DES-EDE3-CBC  # Triple-DES
    ;cipher AES-256-GCM  # AES 256 - for openvpn version 2.4+
    auth SHA256
    comp-lzo
    user nobody
    group nogroup
    persist-key
    persist-tun
    status /tmp/openvpn-status.log 3
    verb 3
    tun-mtu             1500
    mssfix              1300

.OVPN

    dev                 tun_apxsr
    proto               udp
    client
    remote              demo5.apxst.com 1194
    cipher              BF-CBC
    auth                SHA256
    resolv-retry        infinite
    persist-key
    persist-tun
    #ns-cert-type       server
    comp-lzo
    keepalive           9 30
    verb                3
    nobind
    tun-mtu             1500
    mssfix              1300
    mute                20
    redirect-gateway autolocal
    key-direction 1
    status             /var/log/tun_apxsr.status

You must re-create the secret credentials you posted with your configuration. Before doing that, you need to take your VPN server offline because anyone can access it when you published the secrets within the question.
djdomi
However, it would not be the first VPN service that is being "pwned". It needs clarity on what you want to allow or deny; mostly iptables will solve the problem. If it's just for a specific IP or subnet, it could be handled by routing, and to restrict this, i.e. to only a specific port, it's iptables again.
Huzaifa khan
Thanks @djdomi, I don't want my public traffic to go through the VPN; only specific traffic should go to the VPN. Please suggest what I can do for this. Will it be handled by routing or iptables?
djdomi
`redirect-gateway autolocal` does exactly what you wanted: redirect all traffic to the tunnel. Did you read the manual? And for your information, only editing the question does not remove the SSL cert keys from the platform, nor from the Internet :-)
Huzaifa khan
@djdomi I have also tried to remove the redirect-gateway autolocal from the client .ovpn, but the issue was still the same, so I reverted it. Can you please let me know exactly what I should do to deny all public traffic from the OpenVPN server? BTW, to configure OpenVPN I followed this: https://hinty.io/ivictbor/setup-openvpn-server-on-ubuntu-22-04/
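
Added example (not part of the original thread, and not OpenVPN's own code): a Python check that reads a server/client config pair and reports whether the client will send all traffic through the tunnel, following the `redirect-gateway` point made in the comments above. It models only `redirect-gateway`, `route`, `push` and `pull-filter ignore`; the function names are hypothetical and the embedded sample is constructed from the routing-relevant lines of the two configs in the question.

```python
import ipaddress
import shlex

# Constructed sample input: routing-relevant lines of the two configs in the question.
SERVER_CONF = """
server 10.8.0.0 255.255.255.0
;push "route 192.168.10.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
"""
CLIENT_CONF = """
client
remote demo5.apxst.com 1194
redirect-gateway autolocal
"""

def directives(text):
    """Return active directives as token lists; lines starting with ';' or '#' are comments."""
    lines = (l.strip() for l in text.splitlines())
    return [shlex.split(l, comments=True) for l in lines if l and l[0] not in ";#"]

def effective_routing(server_text, client_text):
    """Return (full_tunnel, reasons, routed_networks) for one server/client config pair."""
    client = directives(client_text)
    ignored = [d[2] for d in client if d[:2] == ["pull-filter", "ignore"] and len(d) > 2]
    # Options the server pushes, minus those the client drops by prefix match.
    pushed = [d[1] for d in directives(server_text) if d[0] == "push" and len(d) > 1]
    pushed = [p for p in pushed if not any(p.startswith(i) for i in ignored)]
    active = [("client", d) for d in client] + [("server push", shlex.split(p)) for p in pushed]
    reasons, nets = [], []
    for origin, d in active:
        if d[0] == "redirect-gateway":
            reasons.append(f"{origin}: {' '.join(d)}")
        elif d[0] == "route" and len(d) > 1:
            # A missing or "default" netmask means a single host route.
            mask = d[2] if len(d) > 2 and d[2] != "default" else "255.255.255.255"
            try:
                nets.append(ipaddress.ip_network(f"{d[1]}/{mask}", strict=False))
            except ValueError:
                pass  # hostname or keyword target; not evaluated here
    # Merge adjacent routes so 0.0.0.0/1 + 128.0.0.0/1 is recognised as a default route.
    nets = list(ipaddress.collapse_addresses(nets))
    if ipaddress.ip_network("0.0.0.0/0") in nets:
        reasons.append("route entries cover 0.0.0.0/0")
    return bool(reasons), reasons, [str(n) for n in nets]

if __name__ == "__main__":
    print(effective_routing(SERVER_CONF, CLIENT_CONF))
```

Run it against the configs as deployed and reconnect the client after any change, since pushed and local routes are applied when the tunnel comes up.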