Confusing myself with OpenVPN

Hi guys,

I have just set up OpenVPN for the first time on my VPS. Everything is connecting and operating fine when I connect to the VPN with my local machine.

My client machine has two NIC ports and I only want the traffic being sent and received on one of the ports to be running through the VPN. How do I do this? I feel I should know the answer to this but I can't decide if it is in the OpenVPN config or if I need to set it up on Windows.

All I can see is the TAP adapter but because I have enabled the "push "redirect-gateway def1 bypass-dhcp"" command in the OpenVPN server config all of the traffic goes through it.

I need some way of limiting it to the traffic on one port?

Thanks for any help :)
 
As far as I can see it's either adding a static address in Windows with something like 'route add' or by adding the route command in the OpenVPN client config (though I'm not sure if this is for source or destination addresses?).

Are either of these correct?

Cheers :)
 
Usually a VPN with your requirement needs to be a split tunnel. You destine traffic based on destination IP to go over the tunnel...

I've never used OpenVPN before so don't know how it works on here, but I'm sure Google can help: "OpenVPN split tunnel"
 
Thanks for the response. I have had a look at this and can see what you mean. The issue I am having though is that I want to direct traffic entering a different NIC on my PC. However the VPN seems to want to just forward all my traffic with my main NIC.

I need some way of specifying the port of the other NIC to be what runs over the VPN. But I'm not sure how to do this when things like split tunneling require destination IP address all of the time?

Another issue I have come across is speed. This is the difference in speed when accessing without the VPN and then with the VPN:

[Two speed test screenshots: without the VPN, then with the VPN]

Surely the speeds shouldn't be that different?

Thanks again :)
 
Your VPN is not as capable as your Fibre. The throughput depends on your VPS provider and your OpenVPN performance. You will always lose a bit of speed when using VPNs.

Split tunnelling only works for example if one is a company network with defined end point subnets and the other is the internet. If you know the network on the other end then put a route in. Normally like this:

Remote network > next hop is VPN Gateway.

Also in OpenVPN I think you have to enable split tunnelling? You can also tell OpenVPN to only route certain traffic on the client config. Try this guide - https://www.void.gr/kargig/blog/2010/03/25/using-openvpn-to-route-a-specific-subnet-to-the-vpn/

Hopefully I have been helpful :D, sorry if not :(.
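
The destination-based split tunnel described in the post above, as an added example that is not part of the original thread or the linked guide. The subnet 192.0.2.0/24 is a placeholder for the remote network, not a value from this thread.

```conf
# OpenVPN client config fragment (added example, placeholder values).

# Accept options pushed by the server except routes. This also stops the
# server's  push "redirect-gateway def1 bypass-dhcp"  from replacing the
# client's default route, so the default gateway stays on the local NIC.
route-nopull

# "Remote network > next hop is VPN gateway":
# only traffic whose DESTINATION is in this subnet enters the tunnel.
# 192.0.2.0 255.255.255.0 is a placeholder; use the real remote subnet.
route 192.0.2.0 255.255.255.0 vpn_gateway

# Caveats:
# - These routes match on destination address only. They do not select
#   traffic by source NIC or source address.
# - Everything not matched by a route above leaves through the normal
#   default gateway, outside the tunnel and without VPN encryption.
# - With route-nopull, pushed DHCP options such as DNS servers are also
#   ignored, so name lookups use the locally configured resolver.
# - After connecting, check the result on Windows with: route print
```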
 
Thanks for the response :)

I have been able to get quite a speed improvement over the VPN now:

[Speed test screenshot]

Compared to the previously posted:

[Previously posted speed test screenshot]

However I'm still not happy as I think it could still be a bit better. I guess I can't complain but I just hate not knowing why!

With regards to the split tunneling issue I'm still none the wiser as my issue is that I want to alter what adapters on my machine go through the VPN. This is source based routing and not to do with the routes you can add into the OpenVPN config as they are looking at destination addresses (I think).

Thanks again :)
 
VPNs will always slow things down. Everything has to be encrypted and decrypted for a start. Often routers will have max throughput for crypto traffic etc. Then as above, you depend on the VPS having a good connection etc etc.
 