Connect to mpd over Openvpn (without changing internet routing)

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












0














I would like to be able to connect to my home network and access my music there via mpd. I have a VPN network setup at home, so I can securely connect to machines in my home network from outside with minimal security risks. But while at work, I don't want to disturb the usual routing for connecting to the Internet etc.



How should I set up the OpenVPN client configuration file so that I am able to access machines on my home network from outside, without altering Internet routing?



[Alternatively, is there a better way to connect to mpd from outside a network without creating security risks?]



[Edit: my current client conf file looks like this:



client
dev tun
proto udp
remote some.web.site.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20


]










share|improve this question




























    0














    I would like to be able to connect to my home network and access my music there via mpd. I have a VPN network setup at home, so I can securely connect to machines in my home network from outside with minimal security risks. But while at work, I don't want to disturb the usual routing for connecting to the Internet etc.



    How should I set up the OpenVPN client configuration file so that I am able to access machines on my home network from outside, without altering Internet routing?



    [Alternatively, is there a better way to connect to mpd from outside a network without creating security risks?]



    [Edit: my current client conf file looks like this:



    client
    dev tun
    proto udp
    remote some.web.site.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    mute-replay-warnings
    ns-cert-type server
    key-direction 1
    cipher AES-128-CBC
    comp-lzo
    verb 1
    mute 20


    ]










    share|improve this question


























      0












      0








      0







      I would like to be able to connect to my home network and access my music there via mpd. I have a VPN network setup at home, so I can securely connect to machines in my home network from outside with minimal security risks. But while at work, I don't want to disturb the usual routing for connecting to the Internet etc.



      How should I set up the OpenVPN client configuration file so that I am able to access machines on my home network from outside, without altering Internet routing?



      [Alternatively, is there a better way to connect to mpd from outside a network without creating security risks?]



      [Edit: my current client conf file looks like this:



      client
      dev tun
      proto udp
      remote some.web.site.com 1194
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      mute-replay-warnings
      ns-cert-type server
      key-direction 1
      cipher AES-128-CBC
      comp-lzo
      verb 1
      mute 20


      ]










      share|improve this question















      I would like to be able to connect to my home network and access my music there via mpd. I have a VPN network setup at home, so I can securely connect to machines in my home network from outside with minimal security risks. But while at work, I don't want to disturb the usual routing for connecting to the Internet etc.



      How should I set up the OpenVPN client configuration file so that I am able to access machines on my home network from outside, without altering Internet routing?



      [Alternatively, is there a better way to connect to mpd from outside a network without creating security risks?]



      [Edit: my current client conf file looks like this:



      client
      dev tun
      proto udp
      remote some.web.site.com 1194
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      mute-replay-warnings
      ns-cert-type server
      key-direction 1
      cipher AES-128-CBC
      comp-lzo
      verb 1
      mute 20


      ]







      openvpn mpd






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Feb 7 '15 at 19:51

























      asked Feb 6 '15 at 19:47









      emacsomancer

      257314




      257314




















          2 Answers
          2






          active

          oldest

          votes


















          1














          Set your client to have a route parameter to only your home LAN.
          For example if your home LAN was 192.168.2.0, the the parameter would look like this in the .conf file:



          route 192.168.2.0 255.255.255.0


          and dont push any routes from the server onto the client. This way when the tunnel comes up all you will route through it is the network you put in the route parameter.



          UPDATE:



          Since your server has these push lines:



          push "redirect-gateway def1 bypass-dhcp" 
          push "dhcp-option DNS 8.8.8.8"
          push "dhcp-option DNS 8.8.4.4"


          You need to delete them to have the desired effect you are looking for. It would be even better to have two instances of openvpn running on your server. One with the actual config and one with a modified one that you will use when connected from the office. Just have the two configs listening on different ports and connect to them as desired.



          For example on the actual one put below parameter at end of server config:



          port 1200


          and on the modified one put:



          port 1201


          Then your client can connect to either port depending on your needs.






          share|improve this answer






















          • Currently my client .conf files don't have any lines starting with route.... Does OpenVPN default to pushing all of the routes whenever there is no explicit specification of routes?
            – emacsomancer
            Feb 7 '15 at 17:44






          • 1




            If you have something like this ->push "redirect-gateway" on your server then yes. So the answer is, it depends on your server config.
            – Ricardo
            Feb 7 '15 at 18:06










          • Thanks. My server config has the following "push" lines: push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
            – emacsomancer
            Feb 7 '15 at 20:02







          • 1




            I have updated my answer with your server config details.
            – Ricardo
            Feb 7 '15 at 21:06


















          0














          Risking digging up this thread from the dead (it showed up in related).




          Actually, it is pretty simple. You do not have to do anything on the server.



          add the following lines to your .ovpn configuration file:



          route-nopull
          route 192.168.1.210 255.255.255.255 vpn_gateway #for single IP address
          route 172.16.69.0 255.255.255.0 vpn_gateway #for /24 range
          etc...


          This way, the default route will not change, but the traffic flowing toward those IP addresses will go through VPN.



          More information about this can be found in the official OpenVPN manual.



          Excerpt:



          --route-nopull
          When used with --client or --pull, accept options pushed by server EXCEPT
          for routes, block-outside-dns and dhcp options like DNS servers.When used
          on the client, this option effectively bars the server from adding routes
          to the client’s routing table, however note that this option still allows
          the server to set the TCP/IP properties of the client’s TUN/TAP interface.





          share|improve this answer




















            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f183395%2fconnect-to-mpd-over-openvpn-without-changing-internet-routing%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            1














            Set your client to have a route parameter to only your home LAN.
            For example if your home LAN was 192.168.2.0, the the parameter would look like this in the .conf file:



            route 192.168.2.0 255.255.255.0


            and dont push any routes from the server onto the client. This way when the tunnel comes up all you will route through it is the network you put in the route parameter.



            UPDATE:



            Since your server has these push lines:



            push "redirect-gateway def1 bypass-dhcp" 
            push "dhcp-option DNS 8.8.8.8"
            push "dhcp-option DNS 8.8.4.4"


            You need to delete them to have the desired effect you are looking for. It would be even better to have two instances of openvpn running on your server. One with the actual config and one with a modified one that you will use when connected from the office. Just have the two configs listening on different ports and connect to them as desired.



            For example on the actual one put below parameter at end of server config:



            port 1200


            and on the modified one put:



            port 1201


            Then your client can connect to either port depending on your needs.






            share|improve this answer






















            • Currently my client .conf files don't have any lines starting with route.... Does OpenVPN default to pushing all of the routes whenever there is no explicit specification of routes?
              – emacsomancer
              Feb 7 '15 at 17:44






            • 1




              If you have something like this ->push "redirect-gateway" on your server then yes. So the answer is, it depends on your server config.
              – Ricardo
              Feb 7 '15 at 18:06










            • Thanks. My server config has the following "push" lines: push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
              – emacsomancer
              Feb 7 '15 at 20:02







            • 1




              I have updated my answer with your server config details.
              – Ricardo
              Feb 7 '15 at 21:06















            1














            Set your client to have a route parameter to only your home LAN.
            For example if your home LAN was 192.168.2.0, the the parameter would look like this in the .conf file:



            route 192.168.2.0 255.255.255.0


            and dont push any routes from the server onto the client. This way when the tunnel comes up all you will route through it is the network you put in the route parameter.



            UPDATE:



            Since your server has these push lines:



            push "redirect-gateway def1 bypass-dhcp" 
            push "dhcp-option DNS 8.8.8.8"
            push "dhcp-option DNS 8.8.4.4"


            You need to delete them to have the desired effect you are looking for. It would be even better to have two instances of openvpn running on your server. One with the actual config and one with a modified one that you will use when connected from the office. Just have the two configs listening on different ports and connect to them as desired.



            For example on the actual one put below parameter at end of server config:



            port 1200


            and on the modified one put:



            port 1201


            Then your client can connect to either port depending on your needs.






            share|improve this answer






















            • Currently my client .conf files don't have any lines starting with route.... Does OpenVPN default to pushing all of the routes whenever there is no explicit specification of routes?
              – emacsomancer
              Feb 7 '15 at 17:44






            • 1




              If you have something like this ->push "redirect-gateway" on your server then yes. So the answer is, it depends on your server config.
              – Ricardo
              Feb 7 '15 at 18:06










            • Thanks. My server config has the following "push" lines: push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
              – emacsomancer
              Feb 7 '15 at 20:02







            • 1




              I have updated my answer with your server config details.
              – Ricardo
              Feb 7 '15 at 21:06













            1












            1








            1






            Set your client to have a route parameter to only your home LAN.
            For example if your home LAN was 192.168.2.0, the the parameter would look like this in the .conf file:



            route 192.168.2.0 255.255.255.0


            and dont push any routes from the server onto the client. This way when the tunnel comes up all you will route through it is the network you put in the route parameter.



            UPDATE:



            Since your server has these push lines:



            push "redirect-gateway def1 bypass-dhcp" 
            push "dhcp-option DNS 8.8.8.8"
            push "dhcp-option DNS 8.8.4.4"


            You need to delete them to have the desired effect you are looking for. It would be even better to have two instances of openvpn running on your server. One with the actual config and one with a modified one that you will use when connected from the office. Just have the two configs listening on different ports and connect to them as desired.



            For example on the actual one put below parameter at end of server config:



            port 1200


            and on the modified one put:



            port 1201


            Then your client can connect to either port depending on your needs.






            share|improve this answer














            Set your client to have a route parameter to only your home LAN.
            For example if your home LAN was 192.168.2.0, the the parameter would look like this in the .conf file:



            route 192.168.2.0 255.255.255.0


            and dont push any routes from the server onto the client. This way when the tunnel comes up all you will route through it is the network you put in the route parameter.



            UPDATE:



            Since your server has these push lines:



            push "redirect-gateway def1 bypass-dhcp" 
            push "dhcp-option DNS 8.8.8.8"
            push "dhcp-option DNS 8.8.4.4"


            You need to delete them to have the desired effect you are looking for. It would be even better to have two instances of openvpn running on your server. One with the actual config and one with a modified one that you will use when connected from the office. Just have the two configs listening on different ports and connect to them as desired.



            For example on the actual one put below parameter at end of server config:



            port 1200


            and on the modified one put:



            port 1201


            Then your client can connect to either port depending on your needs.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Feb 7 '15 at 21:05

























            answered Feb 6 '15 at 20:27









            Ricardo

            28613




            28613











            • Currently my client .conf files don't have any lines starting with route.... Does OpenVPN default to pushing all of the routes whenever there is no explicit specification of routes?
              – emacsomancer
              Feb 7 '15 at 17:44






            • 1




              If you have something like this ->push "redirect-gateway" on your server then yes. So the answer is, it depends on your server config.
              – Ricardo
              Feb 7 '15 at 18:06










            • Thanks. My server config has the following "push" lines: push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
              – emacsomancer
              Feb 7 '15 at 20:02







            • 1




              I have updated my answer with your server config details.
              – Ricardo
              Feb 7 '15 at 21:06
















            • Currently my client .conf files don't have any lines starting with route.... Does OpenVPN default to pushing all of the routes whenever there is no explicit specification of routes?
              – emacsomancer
              Feb 7 '15 at 17:44






            • 1




              If you have something like this ->push "redirect-gateway" on your server then yes. So the answer is, it depends on your server config.
              – Ricardo
              Feb 7 '15 at 18:06










            • Thanks. My server config has the following "push" lines: push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
              – emacsomancer
              Feb 7 '15 at 20:02







            • 1




              I have updated my answer with your server config details.
              – Ricardo
              Feb 7 '15 at 21:06















            Currently my client .conf files don't have any lines starting with route.... Does OpenVPN default to pushing all of the routes whenever there is no explicit specification of routes?
            – emacsomancer
            Feb 7 '15 at 17:44




            Currently my client .conf files don't have any lines starting with route.... Does OpenVPN default to pushing all of the routes whenever there is no explicit specification of routes?
            – emacsomancer
            Feb 7 '15 at 17:44




            1




            1




            If you have something like this ->push "redirect-gateway" on your server then yes. So the answer is, it depends on your server config.
            – Ricardo
            Feb 7 '15 at 18:06




            If you have something like this ->push "redirect-gateway" on your server then yes. So the answer is, it depends on your server config.
            – Ricardo
            Feb 7 '15 at 18:06












            Thanks. My server config has the following "push" lines: push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
            – emacsomancer
            Feb 7 '15 at 20:02





            Thanks. My server config has the following "push" lines: push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
            – emacsomancer
            Feb 7 '15 at 20:02





            1




            1




            I have updated my answer with your server config details.
            – Ricardo
            Feb 7 '15 at 21:06




            I have updated my answer with your server config details.
            – Ricardo
            Feb 7 '15 at 21:06













            0














            Risking digging up this thread from the dead (it showed up in related).




            Actually, it is pretty simple. You do not have to do anything on the server.



            add the following lines to your .ovpn configuration file:



            route-nopull
            route 192.168.1.210 255.255.255.255 vpn_gateway #for single IP address
            route 172.16.69.0 255.255.255.0 vpn_gateway #for /24 range
            etc...


            This way, the default route will not change, but the traffic flowing toward those IP addresses will go through VPN.



            More information about this can be found in the official OpenVPN manual.



            Excerpt:



            --route-nopull
            When used with --client or --pull, accept options pushed by server EXCEPT
            for routes, block-outside-dns and dhcp options like DNS servers.When used
            on the client, this option effectively bars the server from adding routes
            to the client’s routing table, however note that this option still allows
            the server to set the TCP/IP properties of the client’s TUN/TAP interface.





            share|improve this answer

























              0














              Risking digging up this thread from the dead (it showed up in related).




              Actually, it is pretty simple. You do not have to do anything on the server.



              add the following lines to your .ovpn configuration file:



              route-nopull
              route 192.168.1.210 255.255.255.255 vpn_gateway #for single IP address
              route 172.16.69.0 255.255.255.0 vpn_gateway #for /24 range
              etc...


              This way, the default route will not change, but the traffic flowing toward those IP addresses will go through VPN.



              More information about this can be found in the official OpenVPN manual.



              Excerpt:



              --route-nopull
              When used with --client or --pull, accept options pushed by server EXCEPT
              for routes, block-outside-dns and dhcp options like DNS servers.When used
              on the client, this option effectively bars the server from adding routes
              to the client’s routing table, however note that this option still allows
              the server to set the TCP/IP properties of the client’s TUN/TAP interface.





              share|improve this answer























                0












                0








                0






                Risking digging up this thread from the dead (it showed up in related).




                Actually, it is pretty simple. You do not have to do anything on the server.



                add the following lines to your .ovpn configuration file:



                route-nopull
                route 192.168.1.210 255.255.255.255 vpn_gateway #for single IP address
                route 172.16.69.0 255.255.255.0 vpn_gateway #for /24 range
                etc...


                This way, the default route will not change, but the traffic flowing toward those IP addresses will go through VPN.



                More information about this can be found in the official OpenVPN manual.



                Excerpt:



                --route-nopull
                When used with --client or --pull, accept options pushed by server EXCEPT
                for routes, block-outside-dns and dhcp options like DNS servers.When used
                on the client, this option effectively bars the server from adding routes
                to the client’s routing table, however note that this option still allows
                the server to set the TCP/IP properties of the client’s TUN/TAP interface.





                share|improve this answer












                Risking digging up this thread from the dead (it showed up in related).




                Actually, it is pretty simple. You do not have to do anything on the server.



                add the following lines to your .ovpn configuration file:



                route-nopull
                route 192.168.1.210 255.255.255.255 vpn_gateway #for single IP address
                route 172.16.69.0 255.255.255.0 vpn_gateway #for /24 range
                etc...


                This way, the default route will not change, but the traffic flowing toward those IP addresses will go through VPN.



                More information about this can be found in the official OpenVPN manual.



                Excerpt:



                --route-nopull
                When used with --client or --pull, accept options pushed by server EXCEPT
                for routes, block-outside-dns and dhcp options like DNS servers.When used
                on the client, this option effectively bars the server from adding routes
                to the client’s routing table, however note that this option still allows
                the server to set the TCP/IP properties of the client’s TUN/TAP interface.






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Dec 12 at 13:47









                Matas

                11




                11



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Unix & Linux Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f183395%2fconnect-to-mpd-over-openvpn-without-changing-internet-routing%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown






                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?