[CentOS] IP forwarding and OpenVPN

Thu Nov 4 15:09:43 UTC 2010
Bart Schaefer <barton.schaefer at gmail.com>

On Thu, Nov 4, 2010 at 7:56 AM, Emmett Culley <emmett at webengineer.com> wrote:
> On 11/04/2010 07:50 AM, Bart Schaefer wrote:
>> Maybe the simplest thing is to change the question:  How can I cause
>> packets forwarded from my LAN to avoid the VPN and go out via the
>> regular default route?
>>
> You can add a line like:
>
> push "route 192.168.144.0 255.255.255.0"
>
> to the server's configuration file.

Thanks for the suggestion, but (1) I don't have control of the server
configuration and (2) I'm not sure that would work anyway, as what I
want is for packets that come *from* network 192.168.144.0 to (not) be
routed over the VPN, except for those that originate from
192.168.144.1.  Do I misunderstand what that push command will
accomplish?

Regarding (1) I do have a local openvpn-startup script that runs when
the VPN comes up, to which I could add my own route or iptables
commands.  In fact it currently contains:
  iptables -A FORWARD -i tun+ -j ACCEPT
which I should have mentioned before.
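
Added example, not part of the original message: one way a local openvpn-startup script could express the policy asked about above is source-interface policy routing, where packets arriving on the LAN interface look up a separate table holding only the regular default route, while packets the gateway itself originates keep using the main table and the VPN. The interface names, gateway address, table number and rule priority are assumptions; only 192.168.144.0/24 comes from the thread.

```shell
#!/bin/sh
# Added example. Every value except LAN_NET is an assumption, not from the post.
LAN_IF=eth1               # hypothetical LAN-facing interface (holds 192.168.144.1)
WAN_IF=eth0               # hypothetical interface carrying the regular default route
WAN_GW=203.0.113.1        # placeholder gateway (documentation address range)
LAN_NET=192.168.144.0/24  # LAN network named in the thread
TABLE=100                 # arbitrary unused routing table number
DRY_RUN=1                 # 1 = only print the commands, 0 = execute them (needs root)

# Print the commands, one per line, so they can be reviewed before being applied.
lan_bypass_cmds() {
    # A table that holds only the regular default route, with no VPN routes in it.
    echo "ip route replace default via $WAN_GW dev $WAN_IF table $TABLE"
    # Packets that ARRIVE on the LAN interface (forwarded traffic) use that table.
    # Locally generated packets never match "iif $LAN_IF", so traffic from
    # 192.168.144.1 itself still follows the main table and goes over the VPN.
    echo "ip rule add iif $LAN_IF lookup $TABLE priority 1000"
    # Allow the forwarded flow out, and only reply traffic back in.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # LAN addresses are private, so rewrite the source when leaving via the WAN side.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
}

# Run (or, in dry-run mode, just show) each command; stop at the first failure.
apply_lan_bypass() {
    lan_bypass_cmds | while read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "+ $cmd"
        else
            $cmd || exit 1
        fi
    done
}

apply_lan_bypass
```

If replies to forwarded connections are dropped on the WAN interface, check the rp_filter setting there: the main table's route back to the remote host points at the tunnel, which strict reverse-path filtering treats as a mismatch.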