OpenVPN is working great and all, but I was having trouble getting my other LAN hosts to connect to the OpenVPN client system (a Raspberry Pi) while also keeping the services I normally run on it available from the internet. On the remote server, I was using redirect-gateway def1, which works but makes some assumptions about how you intend to use it: every packet the client sends, including replies to connections that arrived on its LAN interface, gets pushed through the tunnel.
After a lot of frustration and perusal of almost-but-not-quite posts on OpenVPN troubleshooting, I came across an article which didn’t mention OpenVPN but instead discussed how to set default routes for multiple interfaces.
Here’s what I took away. Extra lines in /etc/openvpn/client.conf:
```
up-delay
route-delay 2
# level 2 is needed to run an external script from the config
script-security 2
# runs after OpenVPN has installed its routes, so ours go on top of them
route-up /etc/openvpn/multiple_gateways.sh
```
and in multiple_gateways.sh:
```sh
#!/bin/sh
# Second routing table for the LAN address: traffic from (or to) _local_ip_ uses
# the LAN gateway, while everything else keeps the VPN as its default route.
# "mypriv" must be declared in /etc/iproute2/rt_tables (e.g. "100 mypriv") or
# ip will reject the table name.
/sbin/ip route add _local_net_/24 dev eth0 src _local_ip_ table mypriv
/sbin/ip route add default via _local_gateway_ dev eth0 table mypriv
/sbin/ip rule add from _local_ip_/32 table mypriv
/sbin/ip rule add to _local_ip_/32 table mypriv
```
One caveat: I haven’t done a ton of testing, and after rebooting my Pi, it didn’t come up cleanly, so a down.sh script may be needed to tear down the extra config when OpenVPN disconnects. That being said, I have services available from the internet, connections from the LAN to the Pi working, and the default route for outgoing connections still going over the VPN.
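Here is an added example of the same policy-routing setup as a single script that handles both the route-up and the teardown case (it is my illustration, not the script from the post above). The table name mypriv comes from the post; the interface name, addresses and table id 100 are constructed placeholders that can be overridden through environment variables, and DRY_RUN=1 prints the ip commands instead of executing them so the logic can be checked without root. It relies on OpenVPN setting the script_type environment variable (route-up, down, ...) when it invokes a hook script.

```shell
#!/bin/sh
# Added example, not the post's own script: policy routing for a host whose
# default route goes over OpenVPN but which must still answer LAN and internet
# clients through its LAN gateway. "add" installs, "del" tears down.
# All addresses below are constructed placeholders; override via environment.
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
LAN_IP="${LAN_IP:-192.168.1.10}"
LAN_GW="${LAN_GW:-192.168.1.1}"
TABLE="${TABLE:-mypriv}"
TABLE_ID="${TABLE_ID:-100}"
DRY_RUN="${DRY_RUN:-0}"   # DRY_RUN=1 prints commands instead of running them

# run CMD...: execute the command, or just print it when dry-running
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# ensure_table: "ip ... table mypriv" fails unless the name is declared
# in /etc/iproute2/rt_tables, so declare it once if it is missing.
ensure_table() {
    rt_tables=/etc/iproute2/rt_tables
    if ! grep -qs "[[:space:]]$TABLE\$" "$rt_tables"; then
        run sh -c "echo '$TABLE_ID $TABLE' >> $rt_tables"
    fi
}

# policy_routes add|del: the private table plus the two rules that select it.
# Packets from the LAN address (replies to inbound connections) are looked up
# in $TABLE, whose default route is the LAN gateway; everything else keeps the
# VPN default route in the main table.
policy_routes() {
    case "$1" in
        add)
            run ip route add "$LAN_NET" dev "$LAN_IF" src "$LAN_IP" table "$TABLE"
            run ip route add default via "$LAN_GW" dev "$LAN_IF" table "$TABLE"
            run ip rule add from "$LAN_IP/32" table "$TABLE"
            run ip rule add to "$LAN_IP/32" table "$TABLE"
            ;;
        del)
            # Rules first, then the table, so no rule points at a half-emptied table.
            run ip rule del to "$LAN_IP/32" table "$TABLE"
            run ip rule del from "$LAN_IP/32" table "$TABLE"
            run ip route flush table "$TABLE"
            ;;
        *)
            echo "usage: $0 add|del" >&2
            return 2
            ;;
    esac
}

# Dispatch: OpenVPN sets script_type to "route-up" or "down" when it calls a
# hook script; when run by hand, pass add or del explicitly.
case "${script_type:-${1:-}}" in
    route-up|add) ensure_table; policy_routes add ;;
    down|del)     policy_routes del ;;
esac
```

Wire it in with both route-up /etc/openvpn/multiple_gateways.sh and down /etc/openvpn/multiple_gateways.sh under script-security 2. One thing to check if the teardown does not run: when the client config also drops privileges with user/group, the down script runs as that unprivileged user and cannot delete rules, which is what the bundled openvpn-plugin-down-root plugin is for.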