Enable internet access with the local ISP when an openvpn connection is active

Hi everyone!
I currently have ipfire with firewall rules so that openvpn users cannot browse the internet and can only access the openvpn network, however I require users to be able to browse the internet through each other’s local ISP users, is this possible?

Can you setup a firewall rule?
VPN network
GREEN network allow

VPN network
RED block

do not push redirect-gateway def1 in advanced settings of the OpenVPN server or in the client.ovpn configuration file. See the documentation, quote:

Pushing the redirect-gateway option to clients will cause all IP network traffic originating on client machines to pass through the OpenVPN server

Pushing this option means that ALL the network traffic of the client will be directed through the tunnel and if you do not allow access to the red interface, the internet connection will drop as soon as the client connects to the OpenVPN interface, which is not what you want.

Keep in mind that addressing all the traffic to the tunnel could be also set locally, outside the OpenVPN Connect client but from the OS itself. I am not 100% certain but I believe android has such an option.

1 Like

OpenVPN for Android has a checkbox to make everything go through the vpn tunnel. Default is unchecked if i remember correctly.

Just checked and it is off by default.


second option VPN network NAT to RED block