Connect to mpd over Openvpn (without changing internet routing)
Clash Royale CLAN TAG#URR8PPP
I would like to be able to connect to my home network and access my music there via mpd
. I have a VPN network setup at home, so I can securely connect to machines in my home network from outside with minimal security risks. But while at work, I don't want to disturb the usual routing for connecting to the Internet etc.
How should I set up the OpenVPN client configuration file so that I am able to access machines on my home network from outside, without altering Internet routing?
[Alternatively, is there a better way to connect to mpd
from outside a network without creating security risks?]
[Edit: my current client conf file looks like this:
client
dev tun
proto udp
remote some.web.site.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20
]
openvpn mpd
add a comment |
I would like to be able to connect to my home network and access my music there via mpd
. I have a VPN network setup at home, so I can securely connect to machines in my home network from outside with minimal security risks. But while at work, I don't want to disturb the usual routing for connecting to the Internet etc.
How should I set up the OpenVPN client configuration file so that I am able to access machines on my home network from outside, without altering Internet routing?
[Alternatively, is there a better way to connect to mpd
from outside a network without creating security risks?]
[Edit: my current client conf file looks like this:
client
dev tun
proto udp
remote some.web.site.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20
]
openvpn mpd
add a comment |
I would like to be able to connect to my home network and access my music there via mpd
. I have a VPN network setup at home, so I can securely connect to machines in my home network from outside with minimal security risks. But while at work, I don't want to disturb the usual routing for connecting to the Internet etc.
How should I set up the OpenVPN client configuration file so that I am able to access machines on my home network from outside, without altering Internet routing?
[Alternatively, is there a better way to connect to mpd
from outside a network without creating security risks?]
[Edit: my current client conf file looks like this:
client
dev tun
proto udp
remote some.web.site.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20
]
openvpn mpd
I would like to be able to connect to my home network and access my music there via mpd
. I have a VPN network setup at home, so I can securely connect to machines in my home network from outside with minimal security risks. But while at work, I don't want to disturb the usual routing for connecting to the Internet etc.
How should I set up the OpenVPN client configuration file so that I am able to access machines on my home network from outside, without altering Internet routing?
[Alternatively, is there a better way to connect to mpd
from outside a network without creating security risks?]
[Edit: my current client conf file looks like this:
client
dev tun
proto udp
remote some.web.site.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20
]
openvpn mpd
openvpn mpd
edited Feb 7 '15 at 19:51
asked Feb 6 '15 at 19:47
emacsomancer
257314
257314
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
Set your client to have a route parameter to only your home LAN.
For example if your home LAN was 192.168.2.0, the the parameter would look like this in the .conf file:
route 192.168.2.0 255.255.255.0
and dont push any routes from the server onto the client. This way when the tunnel comes up all you will route through it is the network you put in the route parameter.
UPDATE:
Since your server has these push lines:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
You need to delete them to have the desired effect you are looking for. It would be even better to have two instances of openvpn running on your server. One with the actual config and one with a modified one that you will use when connected from the office. Just have the two configs listening on different ports and connect to them as desired.
For example on the actual one put below parameter at end of server config:
port 1200
and on the modified one put:
port 1201
Then your client can connect to either port depending on your needs.
Currently my client .conf files don't have any lines starting withroute...
. Does OpenVPN default to pushing all of the routes whenever there is no explicit specification of routes?
– emacsomancer
Feb 7 '15 at 17:44
1
If you have something like this ->push "redirect-gateway" on your server then yes. So the answer is, it depends on your server config.
– Ricardo
Feb 7 '15 at 18:06
Thanks. My server config has the following "push" lines: push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
– emacsomancer
Feb 7 '15 at 20:02
1
I have updated my answer with your server config details.
– Ricardo
Feb 7 '15 at 21:06
add a comment |
Risking digging up this thread from the dead (it showed up in related).
Actually, it is pretty simple. You do not have to do anything on the server.
add the following lines to your .ovpn
configuration file:
route-nopull
route 192.168.1.210 255.255.255.255 vpn_gateway #for single IP address
route 172.16.69.0 255.255.255.0 vpn_gateway #for /24 range
etc...
This way, the default route will not change, but the traffic flowing toward those IP addresses will go through VPN.
More information about this can be found in the official OpenVPN manual.
Excerpt:
--route-nopull
When used with --client or --pull, accept options pushed by server EXCEPT
for routes, block-outside-dns and dhcp options like DNS servers.When used
on the client, this option effectively bars the server from adding routes
to the client’s routing table, however note that this option still allows
the server to set the TCP/IP properties of the client’s TUN/TAP interface.
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f183395%2fconnect-to-mpd-over-openvpn-without-changing-internet-routing%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Set your client to have a route parameter to only your home LAN.
For example if your home LAN was 192.168.2.0, the the parameter would look like this in the .conf file:
route 192.168.2.0 255.255.255.0
and dont push any routes from the server onto the client. This way when the tunnel comes up all you will route through it is the network you put in the route parameter.
UPDATE:
Since your server has these push lines:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
You need to delete them to have the desired effect you are looking for. It would be even better to have two instances of openvpn running on your server. One with the actual config and one with a modified one that you will use when connected from the office. Just have the two configs listening on different ports and connect to them as desired.
For example on the actual one put below parameter at end of server config:
port 1200
and on the modified one put:
port 1201
Then your client can connect to either port depending on your needs.
Currently my client .conf files don't have any lines starting withroute...
. Does OpenVPN default to pushing all of the routes whenever there is no explicit specification of routes?
– emacsomancer
Feb 7 '15 at 17:44
1
If you have something like this ->push "redirect-gateway" on your server then yes. So the answer is, it depends on your server config.
– Ricardo
Feb 7 '15 at 18:06
Thanks. My server config has the following "push" lines: push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
– emacsomancer
Feb 7 '15 at 20:02
1
I have updated my answer with your server config details.
– Ricardo
Feb 7 '15 at 21:06
add a comment |
Set your client to have a route parameter to only your home LAN.
For example if your home LAN was 192.168.2.0, the the parameter would look like this in the .conf file:
route 192.168.2.0 255.255.255.0
and dont push any routes from the server onto the client. This way when the tunnel comes up all you will route through it is the network you put in the route parameter.
UPDATE:
Since your server has these push lines:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
You need to delete them to have the desired effect you are looking for. It would be even better to have two instances of openvpn running on your server. One with the actual config and one with a modified one that you will use when connected from the office. Just have the two configs listening on different ports and connect to them as desired.
For example on the actual one put below parameter at end of server config:
port 1200
and on the modified one put:
port 1201
Then your client can connect to either port depending on your needs.
Currently my client .conf files don't have any lines starting withroute...
. Does OpenVPN default to pushing all of the routes whenever there is no explicit specification of routes?
– emacsomancer
Feb 7 '15 at 17:44
1
If you have something like this ->push "redirect-gateway" on your server then yes. So the answer is, it depends on your server config.
– Ricardo
Feb 7 '15 at 18:06
Thanks. My server config has the following "push" lines: push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
– emacsomancer
Feb 7 '15 at 20:02
1
I have updated my answer with your server config details.
– Ricardo
Feb 7 '15 at 21:06
add a comment |
Set your client to have a route parameter to only your home LAN.
For example if your home LAN was 192.168.2.0, the the parameter would look like this in the .conf file:
route 192.168.2.0 255.255.255.0
and dont push any routes from the server onto the client. This way when the tunnel comes up all you will route through it is the network you put in the route parameter.
UPDATE:
Since your server has these push lines:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
You need to delete them to have the desired effect you are looking for. It would be even better to have two instances of openvpn running on your server. One with the actual config and one with a modified one that you will use when connected from the office. Just have the two configs listening on different ports and connect to them as desired.
For example on the actual one put below parameter at end of server config:
port 1200
and on the modified one put:
port 1201
Then your client can connect to either port depending on your needs.
Set your client to have a route parameter to only your home LAN.
For example if your home LAN was 192.168.2.0, the the parameter would look like this in the .conf file:
route 192.168.2.0 255.255.255.0
and dont push any routes from the server onto the client. This way when the tunnel comes up all you will route through it is the network you put in the route parameter.
UPDATE:
Since your server has these push lines:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
You need to delete them to have the desired effect you are looking for. It would be even better to have two instances of openvpn running on your server. One with the actual config and one with a modified one that you will use when connected from the office. Just have the two configs listening on different ports and connect to them as desired.
For example on the actual one put below parameter at end of server config:
port 1200
and on the modified one put:
port 1201
Then your client can connect to either port depending on your needs.
edited Feb 7 '15 at 21:05
answered Feb 6 '15 at 20:27
Ricardo
28613
28613
Currently my client .conf files don't have any lines starting withroute...
. Does OpenVPN default to pushing all of the routes whenever there is no explicit specification of routes?
– emacsomancer
Feb 7 '15 at 17:44
1
If you have something like this ->push "redirect-gateway" on your server then yes. So the answer is, it depends on your server config.
– Ricardo
Feb 7 '15 at 18:06
Thanks. My server config has the following "push" lines: push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
– emacsomancer
Feb 7 '15 at 20:02
1
I have updated my answer with your server config details.
– Ricardo
Feb 7 '15 at 21:06
add a comment |
Currently my client .conf files don't have any lines starting withroute...
. Does OpenVPN default to pushing all of the routes whenever there is no explicit specification of routes?
– emacsomancer
Feb 7 '15 at 17:44
1
If you have something like this ->push "redirect-gateway" on your server then yes. So the answer is, it depends on your server config.
– Ricardo
Feb 7 '15 at 18:06
Thanks. My server config has the following "push" lines: push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
– emacsomancer
Feb 7 '15 at 20:02
1
I have updated my answer with your server config details.
– Ricardo
Feb 7 '15 at 21:06
Currently my client .conf files don't have any lines starting with
route...
. Does OpenVPN default to pushing all of the routes whenever there is no explicit specification of routes?– emacsomancer
Feb 7 '15 at 17:44
Currently my client .conf files don't have any lines starting with
route...
. Does OpenVPN default to pushing all of the routes whenever there is no explicit specification of routes?– emacsomancer
Feb 7 '15 at 17:44
1
1
If you have something like this ->push "redirect-gateway" on your server then yes. So the answer is, it depends on your server config.
– Ricardo
Feb 7 '15 at 18:06
If you have something like this ->push "redirect-gateway" on your server then yes. So the answer is, it depends on your server config.
– Ricardo
Feb 7 '15 at 18:06
Thanks. My server config has the following "push" lines: push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
– emacsomancer
Feb 7 '15 at 20:02
Thanks. My server config has the following "push" lines: push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
– emacsomancer
Feb 7 '15 at 20:02
1
1
I have updated my answer with your server config details.
– Ricardo
Feb 7 '15 at 21:06
I have updated my answer with your server config details.
– Ricardo
Feb 7 '15 at 21:06
add a comment |
Risking digging up this thread from the dead (it showed up in related).
Actually, it is pretty simple. You do not have to do anything on the server.
add the following lines to your .ovpn
configuration file:
route-nopull
route 192.168.1.210 255.255.255.255 vpn_gateway #for single IP address
route 172.16.69.0 255.255.255.0 vpn_gateway #for /24 range
etc...
This way, the default route will not change, but the traffic flowing toward those IP addresses will go through VPN.
More information about this can be found in the official OpenVPN manual.
Excerpt:
--route-nopull
When used with --client or --pull, accept options pushed by server EXCEPT
for routes, block-outside-dns and dhcp options like DNS servers.When used
on the client, this option effectively bars the server from adding routes
to the client’s routing table, however note that this option still allows
the server to set the TCP/IP properties of the client’s TUN/TAP interface.
add a comment |
Risking digging up this thread from the dead (it showed up in related).
Actually, it is pretty simple. You do not have to do anything on the server.
add the following lines to your .ovpn
configuration file:
route-nopull
route 192.168.1.210 255.255.255.255 vpn_gateway #for single IP address
route 172.16.69.0 255.255.255.0 vpn_gateway #for /24 range
etc...
This way, the default route will not change, but the traffic flowing toward those IP addresses will go through VPN.
More information about this can be found in the official OpenVPN manual.
Excerpt:
--route-nopull
When used with --client or --pull, accept options pushed by server EXCEPT
for routes, block-outside-dns and dhcp options like DNS servers.When used
on the client, this option effectively bars the server from adding routes
to the client’s routing table, however note that this option still allows
the server to set the TCP/IP properties of the client’s TUN/TAP interface.
add a comment |
Risking digging up this thread from the dead (it showed up in related).
Actually, it is pretty simple. You do not have to do anything on the server.
add the following lines to your .ovpn
configuration file:
route-nopull
route 192.168.1.210 255.255.255.255 vpn_gateway #for single IP address
route 172.16.69.0 255.255.255.0 vpn_gateway #for /24 range
etc...
This way, the default route will not change, but the traffic flowing toward those IP addresses will go through VPN.
More information about this can be found in the official OpenVPN manual.
Excerpt:
--route-nopull
When used with --client or --pull, accept options pushed by server EXCEPT
for routes, block-outside-dns and dhcp options like DNS servers.When used
on the client, this option effectively bars the server from adding routes
to the client’s routing table, however note that this option still allows
the server to set the TCP/IP properties of the client’s TUN/TAP interface.
Risking digging up this thread from the dead (it showed up in related).
Actually, it is pretty simple. You do not have to do anything on the server.
add the following lines to your .ovpn
configuration file:
route-nopull
route 192.168.1.210 255.255.255.255 vpn_gateway #for single IP address
route 172.16.69.0 255.255.255.0 vpn_gateway #for /24 range
etc...
This way, the default route will not change, but the traffic flowing toward those IP addresses will go through VPN.
More information about this can be found in the official OpenVPN manual.
Excerpt:
--route-nopull
When used with --client or --pull, accept options pushed by server EXCEPT
for routes, block-outside-dns and dhcp options like DNS servers.When used
on the client, this option effectively bars the server from adding routes
to the client’s routing table, however note that this option still allows
the server to set the TCP/IP properties of the client’s TUN/TAP interface.
answered Dec 12 at 13:47
Matas
11
11
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f183395%2fconnect-to-mpd-over-openvpn-without-changing-internet-routing%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown