OpenVPN is working great and all, but I was having trouble getting my other LAN hosts to connect to the OpenVPN client system (a Raspberry Pi) while also keeping the services I normally run on it available from the internet. On the remote server, I was using redirect-gateway def1, which works but makes some assumptions about how you intend to use it.
After a lot of frustration and perusal of almost-but-not-quite posts on OpenVPN troubleshooting, I came across an article which didn’t mention OpenVPN but instead discussed how to set default routes for multiple interfaces.
Here’s what I took away. Extra lines in /etc/openvpn/client.conf:
and in multiple_gateways.sh:
#!/bin/sh
# _local_net_ is the eth0 subnet, _local_ip_ the Pi's eth0 address, _local_gateway_ the LAN router.
# The table name mypriv must be listed in /etc/iproute2/rt_tables (e.g. "100 mypriv") or ip rejects it.
# Table mypriv routes via the LAN router; the rules send traffic from/to the Pi's LAN address through it.
/sbin/ip route add _local_net_/24 dev eth0 src _local_ip_ table mypriv
/sbin/ip route add default via _local_gateway_ dev eth0 table mypriv
/sbin/ip rule add from _local_ip_/32 table mypriv
/sbin/ip rule add to _local_ip_/32 table mypriv
One caveat: I haven’t done a ton of testing, and after rebooting my Pi, it didn’t come up cleanly, so a down.sh script may be needed to tear down the extra config when OpenVPN disconnects. That being said, I have services available from the internet, connections from the LAN to the Pi working, and the default route for outgoing connections still going over the VPN.
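As an added example (not the original post's script), here is one way to package the same four commands as a single OpenVPN up/down script that also tears the table and rules down cleanly on disconnect. The interface, addresses and table name are constructed sample values, it checks that the table is registered in rt_tables before doing anything, and it reads OpenVPN's script_type variable to pick the direction.

```sh
#!/bin/sh
# Added example (not the original post's script); the values below are constructed samples.
IFACE="${IFACE:-eth0}"
LOCAL_IP="${LOCAL_IP:-192.168.1.50}"
LOCAL_NET="${LOCAL_NET:-192.168.1.0/24}"
LOCAL_GW="${LOCAL_GW:-192.168.1.1}"
TABLE="${TABLE:-mypriv}"
IP="${IP:-/sbin/ip}"

# "table mypriv" only works once the name is listed in /etc/iproute2/rt_tables
# (a line such as "100 mypriv"), so check that before touching anything.
table_registered() {
    grep -Eq "^[0-9a-fA-Fx]+[[:space:]]+$1[[:space:]]*\$" "${RT_TABLES:-/etc/iproute2/rt_tables}"
}

# Print the ip commands for one direction: "up" adds routes then rules, "down"
# removes the rules first and then flushes the table, so nothing is left behind.
route_cmds() {
    case "$1" in
    up)
        echo "$IP route add $LOCAL_NET dev $IFACE src $LOCAL_IP table $TABLE"
        echo "$IP route add default via $LOCAL_GW dev $IFACE table $TABLE"
        echo "$IP rule add from $LOCAL_IP/32 table $TABLE"
        echo "$IP rule add to $LOCAL_IP/32 table $TABLE"
        ;;
    down)
        echo "$IP rule del to $LOCAL_IP/32 table $TABLE"
        echo "$IP rule del from $LOCAL_IP/32 table $TABLE"
        echo "$IP route flush table $TABLE"
        ;;
    *) echo "usage: $0 up|down" >&2; return 2 ;;
    esac
}

# Run each command in order; with DRY_RUN set, only print what would run.
apply() {
    route_cmds "$1" | while read -r cmd; do
        if [ -n "${DRY_RUN:-}" ]; then echo "$cmd"; else $cmd || exit 1; fi
    done
}

# OpenVPN exports script_type=up or script_type=down when it calls the script;
# a manual "./multiple_gateways.sh up" works too. Does nothing when both are unset.
MODE="${script_type:-${1:-}}"
if [ -n "$MODE" ]; then
    table_registered "$TABLE" || { echo "add '100 $TABLE' to rt_tables first" >&2; exit 1; }
    apply "$MODE"
fi
```

Point both the up and down directives in client.conf at this one file (with script-security 2) and the rules disappear whenever the tunnel drops, which is the part the caveat above is missing.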