Openvpn – Allow VMWare client to connect only via VPN

openvpnvmware-esx

I have a VMWare (currently using Workstation on Vista, but thinking about switching to ESX) client with Windows XP. I've installed OpenVPN in the client and it connects to the corporate VPN server. I want to make sure that all traffic from the Windows XP machine goes trough this VPN tunnel, but I can't change any settings on the corporate VPN server.

Is it possible to restrict the internet connectivity of the Windows XP client in such a way that it can only send packets to the IP of the corporate VPN server? In that way it'd be impossible for packets to bypass the tunnel. I've looked at NAT configurations but couldn't see how I could make this setup.

Best Answer

I do not have a windows box handy, but in advanced TCP/IP settings there is a checkbox that says "Use Default Gateway on Remote Network". This will do what you need.

Double-click My Computer, and then click the Network and Dial-up Connections link. Right-click the VPN connection that you want to change, and then click Properties. Click the Networking tab, click Internet Protocol (TCP/IP) in the Components checked are used by this connection list, and then click Properties. Click Advanced, and then click the Use default gateway on remote network

Related Solutions

VPN Network Ping Issues – Why Pings from VPN Network to Client Work but Not Vice Versa?

The root cause of this problem were some implicit default routes that were not visible in the tables displayed by /sbin/route but were visible in tables displayed by /sbin/ip route and /sbin/ip rule.

Then these tables were displayed it became apparent that a rule of this kind:

default table route_eth0 via 10.11.11.1  dev eth0

was overriding this rule:

10.8.0.0        10.11.11.2      255.255.255.0   UG    0      0        0 eth0

By editing /etc/sysconfig/network-scripts/route-eth0 (presumably with /sbin/ip route, though did it manually in this case), I was able to fix the issue.

So, what I learnt from this is that /sbin/route can't be relied upon to give you an accurate picture of Linux's effective routing rules and that it is better to use /sbin/ip for this purpose.

Thanks to ptman whose answer to this question helped me see the light. Thank you ptman!

OpenVPN Access Server – How Do You Route All Client Traffic Through The VPN

On AWS Web Console, select your OpenVPN Access Server instance, then select "Actions", then select "Networking" then disable "Change Source/Destination Check"

Best Answer

Related Solutions

VPN Network Ping Issues – Why Pings from VPN Network to Client Work but Not Vice Versa?

OpenVPN Access Server – How Do You Route All Client Traffic Through The VPN

Related Topic