How do I modify the OpenSSL VPN .ovpn file to support split tunnel?
Zyxel Employee
Question:
When the USG Flex H is configured for Full Tunnel mode but Split Tunnel is also required for specific clients, you can define custom split routing by modifying the SSL VPN configuration file (.ovpn). This document outlines the steps: How do I modify the OpenVPN .ovpn file to support split tunnel?
Answer :
Please navigate to the GUI path VPN > SSL VPN > Ensure that the Internet and Local Networks (Full Tunnel) is enabled > Download the OpenSSL VPN .open file.
Open and edit the .ovpn file by removing the "redirect-gateway" directive and adding the following lines to define the split tunnel destination IP ranges:
As shown below, the user configured 192.168.168.0/24 and 192.168.169.0/24 as the destination IP ranges for the split tunnel.
Step 1: Remove the redirect-gateway directive from the .ovpn file.
Step 2: Add the following configuration to define the split tunnel destination IP ranges:
route-nopull
route 192.168.168.0 255.255.255.0
route 192.168.169.0 255.255.255.0
Once the .ovpn file has been edited, please upload it to the OpenVPN client and verify that the split tunnel is working correctly. The OpenVPN client should be able to access 192.168.168.1
Categories
- All Categories
- 438 Beta Program
- 2.7K Nebula
- 183 Nebula Ideas
- 121 Nebula Status and Incidents
- 6.2K Security
- 449 USG FLEX H Series
- 301 Security Ideas
- 1.6K Switch
- 80 Switch Ideas
- 1.2K Wireless
- 44 Wireless Ideas
- 6.8K Consumer Product
- 276 Service & License
- 434 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 91 Security Highlight