Client-side routing

Sometimes, it is useful to allow the VPN server (or other VPN clients) to access resources connected to a particular client. This is known as client-side routing. Client-side routing in OpenVPN requires a CCD file for that client containing an iroute statement. It also requires a corresponding route statement in the OpenVPN server configuration file.

Consider the following network layout:

The subnet 192.168.4.0/24 needs to be accessible from the server-side LAN and the server-side subnet 192.168.122.0/24 needs to be accessible from the client-side LAN. This can be achieved as follows:

Add two lines to the basic-udp-server.conf

Get Mastering OpenVPN now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering OpenVPN by Eric F Crist, Jan Just Keijser

Client-side routing

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly