Connect Debian server to a VPN server and still provide services to the internet

Kazuo asked:

There is one server in the local network (running Debian 7) and one remote VPN server.
I have no control over the remote VPN server.
I need the server in the local network to provide services (webserver etc.) to the internet directly, while I need other connections to be tunneled over the remote VPN.

I know how to set up the local server to use the remote VPN server using OpenVPN but then all connections are tunneled and the server is not listening to incoming connections from the internet anymore (only to incoming connections through the remote VPN) and cannot make untunneled connections to the internet.

Is there any way to configure OpenVPN or Debian to allow two types of connection at once so that I can bind all the internet services to the internet, while binding others to the tunneled network?

My answer:


This happens when OpenVPN is configured to tell the client to automatically route all traffic through the VPN. You will need to disable this.

Look for a redirect-gateway option in your OpenVPN server configuration and remove it. For instance, it might look like one of the following:

push "redirect-gateway def1"
push "redirect-gateway local def1"

You might need to set up additional static routes for networks on the other side of the VPN connection as well.


View the full question and answer on Server Fault.
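
A client-side counterpart to the change described in the answer, for the case where the server configuration cannot be edited. This is an added example, not part of the original answer; the remote address 203.0.113.10, port 1194, and the 10.20.0.0/16 network are constructed placeholders.

```conf
# OpenVPN client configuration fragment (added example, constructed values).

client
dev tun
proto udp
remote 203.0.113.10 1194   # placeholder address of the remote VPN server

# Without the next line, a server that pushes "redirect-gateway def1"
# replaces the client's default route, so replies to connections arriving
# on the public interface leave through the tunnel instead.

# Ignore routes pushed by the server, including redirect-gateway.
# DHCP options such as pushed DNS servers are ignored as well.
route-nopull

# Static routes: only these destinations are sent through the tunnel.
# The gateway defaults to the VPN peer; the network is a placeholder for
# whatever sits on the other side of the VPN connection.
route 10.20.0.0 255.255.0.0
```

After reconnecting, `ip route show` should still list the original default gateway, with only the networks named in `route` lines pointing at the tun device.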

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.