
How To Stop OpenVPN from Routing All Network Traffic on Ubuntu


OpenVPN is a popular tool that creates secure point-to-point or site-to-site connections in routed or bridged configurations. However, by default, it routes all network traffic through the VPN. This might not always be desirable, especially if you want to maintain a direct connection to the internet for certain activities. In this article, we will guide you on how to stop OpenVPN from routing all network traffic on Ubuntu.

Quick Answer

To stop OpenVPN from routing all network traffic on Ubuntu, you can either remove the "redirect-gateway" option from the client configuration file, add the "pull-filter ignore redirect-gateway" line to the client configuration file, or use the "--pull-filter ignore redirect-gateway" command-line parameter when running OpenVPN. Additionally, you can ignore all routes from the server by adding "route-noexec" or "route-nopull" to the client configuration file, or override routes with specific "route" directives. Restart the OpenVPN service after making any changes.

Understanding the Default Behaviour

OpenVPN, by default, routes all network traffic on the client through the VPN. This is controlled by the redirect-gateway option in the OpenVPN server configuration. When the client connects to the server, it pulls this option and applies it. This might be useful for certain use-cases, but in others, you may want to keep your internet traffic separate from your VPN traffic.

Configuring OpenVPN

To stop OpenVPN from routing all network traffic, you need to modify your client configuration file. This file is usually located in /etc/openvpn and has a .conf or .ovpn extension.

Removing the redirect-gateway Option

The first step is to ensure there are no redirect-gateway lines in your client configuration file. If there are any, comment them out by adding a # at the beginning of each line, or delete them.

#redirect-gateway def1

Ignoring redirect-gateway From the Server

Even if you don’t have redirect-gateway in your client configuration, the server might still push this option. To ignore it, add the following line to your client configuration file:

pull-filter ignore redirect-gateway

This line tells OpenVPN to ignore any redirect-gateway options that the server pushes.

Using Command-Line Parameter

Alternatively, you can use the --pull-filter ignore redirect-gateway command-line parameter when running OpenVPN. This is useful if you don’t want to modify the client configuration file or if you want a temporary solution.

openvpn --config client.ovpn --pull-filter ignore redirect-gateway

Other Methods

Ignoring All Routes

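You can also ignore all routes from the server by adding route-noexec or route-nopull to your client configuration file. route-nopull makes the client discard the routes the server pushes, while route-noexec stops OpenVPN from installing routes itself and hands them to a script instead. Either way, OpenVPN adds no routes automatically, which keeps your internet traffic separate from your VPN traffic. Any network that should still be reached through the VPN then needs its own route line in the client configuration.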

route-noexec

or

route-nopull

Overriding Routes

Another method is to override the routes with a set of route directives in your client configuration file. This can be used to specify which traffic should go through the VPN and which should not.

route 0.0.0.0 192.0.0.0 net_gateway
route 64.0.0.0 192.0.0.0 net_gateway
route 128.0.0.0 192.0.0.0 net_gateway
route 192.0.0.0 192.0.0.0 net_gateway

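Each line uses the netmask 192.0.0.0 (a /2 prefix), so together the four routes cover every IPv4 destination, from the block starting at 0.0.0.0 to the block starting at 192.0.0.0, and send it through the original default gateway (i.e., not through the VPN). Because a /2 route is more specific than the two /1 routes that redirect-gateway def1 installs, these entries take precedence over them.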
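
The following Python model is an added example, not part of the original article or of OpenVPN itself: it applies the client-side options discussed above (pull-filter ignore, route-nopull and the four /2 route lines) to a constructed list of pushed options and uses longest-prefix matching to show which gateway a destination ends up on. The pushed options, the 10.20.0.0/16 network and the function names are assumptions; route-noexec and the other redirect-gateway flags are not modelled.

```python
import ipaddress

DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def effective_routes(client_cfg, pushed):
    """Simplified model: (network, gateway) pairs present after the client connects."""
    local = [l.split() for l in client_cfg.splitlines()
             if l.strip() and l.lstrip()[0] not in "#;"]      # drop blanks and comments
    ignore = [" ".join(t[2:]).strip('"') for t in local
              if t[:2] == ["pull-filter", "ignore"]]
    nopull = ["route-nopull"] in local
    opts = list(local)
    for p in pushed:                                           # apply client-side filters
        if any(p.startswith(prefix) for prefix in ignore):
            continue
        if nopull and p.split()[0] in ("route", "redirect-gateway"):
            continue
        opts.append(p.split())
    routes = [(DEFAULT, "net_gateway")]                        # pre-VPN default route
    for t in opts:
        if t[0] == "redirect-gateway" and "def1" in t:         # def1: two /1 routes
            routes += [(ipaddress.ip_network(n), "vpn_gateway")
                       for n in ("0.0.0.0/1", "128.0.0.0/1")]
        elif t[0] == "redirect-gateway":                       # no def1: replace default
            routes[0] = (DEFAULT, "vpn_gateway")
        elif t[0] == "route":
            mask = t[2] if len(t) > 2 else "255.255.255.255"
            gw = t[3] if len(t) > 3 else "vpn_gateway"
            routes.append((ipaddress.ip_network(f"{t[1]}/{mask}", strict=False), gw))
    return routes

def next_hop(routes, dest):
    """Longest-prefix match, as the kernel routing table does."""
    addr = ipaddress.ip_address(dest)
    return max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)[1]

# Constructed sample of what a server might push (not taken from the article).
PUSHED = ["redirect-gateway def1", "route 10.20.0.0 255.255.0.0"]
OVERRIDE = "\n".join(f"route {n} 192.0.0.0 net_gateway"
                     for n in ("0.0.0.0", "64.0.0.0", "128.0.0.0", "192.0.0.0"))

if __name__ == "__main__":
    for name, cfg in [("no change", ""), ("pull-filter", "pull-filter ignore redirect-gateway"),
                      ("four /2 routes", OVERRIDE), ("route-nopull", "route-nopull")]:
        r = effective_routes(cfg, PUSHED)
        print(f"{name:15} 1.1.1.1 -> {next_hop(r, '1.1.1.1'):12} "
              f"10.20.1.5 -> {next_hop(r, '10.20.1.5')}")
```

In this model route-nopull also sends 10.20.1.5 to net_gateway, so traffic meant for the network behind the VPN leaves outside the tunnel unless a matching route line is added to the client configuration.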

Restarting OpenVPN

After making any changes to the configuration file, remember to restart the OpenVPN service. You can do this with the following command:

sudo systemctl restart openvpn@client

Replace client with the name of your configuration file.

Conclusion

By following the steps in this guide, you should be able to stop OpenVPN from routing all network traffic on Ubuntu. Remember that these changes can affect your network security and privacy, so use them with caution. For more information on OpenVPN configuration, you can refer to the OpenVPN manual.

How do I find my client configuration file in Ubuntu?

The client configuration file is usually located in /etc/openvpn and has a .conf or .ovpn extension.

How do I comment out a line in a configuration file?

To comment out a line in a configuration file, you can add a # at the beginning of the line. For example, #redirect-gateway def1 will comment out the redirect-gateway line.

How do I add a line to a configuration file?

To add a line to a configuration file, you can simply open the file in a text editor and insert the desired line at the appropriate location.

How do I restart the OpenVPN service in Ubuntu?

You can restart the OpenVPN service in Ubuntu using the sudo systemctl restart openvpn@client command. Replace client with the name of your configuration file.
