On Thu, Nov 4, 2010 at 7:56 AM, Emmett Culley <emmett at webengineer.com> wrote: > On 11/04/2010 07:50 AM, Bart Schaefer wrote: >> Maybe the simplest thing is to change the question: How can I cause >> packets forwarded from my LAN to avoid the VPN and go out via the >> regular default route? >> > You can ad a line like: > > push "route 192.168.144.0 255.255.255.0" > > to the server's configuration file. Thanks for the suggestion, but (1) I don't have control of the server configuration and (2) I'm not sure that would work anyway, as what I want is for packets that come *from* network 192.168.144.0 to (not) be routed over the VPN, except for those that originate from 192.168.144.1. Do I misunderstand what that push command will accomplish? Regarding (1) I do have a local openvpn-startup script that runs when the VPN comes up, to which I could add my own route or iptables commands. In fact it currently contains: iptables -A FORWARD -i tun+ -j ACCEPT which I should have mentioned before.