How do I modify the OpenSSL VPN .ovpn file to support split tunnel?
Zyxel Employee
Question:
When the USG Flex H is configured for Full Tunnel mode but Split Tunnel is also required for specific clients, you can define custom split routing by modifying the SSL VPN configuration file (.ovpn). This document outlines the steps: How do I modify the OpenVPN .ovpn file to support split tunnel?
Answer :
Please navigate to the GUI path VPN > SSL VPN > Ensure that the Internet and Local Networks (Full Tunnel) is enabled > Download the OpenSSL VPN .open file.
Open and edit the .ovpn file by removing the "redirect-gateway" directive and adding the following lines to define the split tunnel destination IP ranges:
As shown below, the user configured 192.168.168.0/24 and 192.168.169.0/24 as the destination IP ranges for the split tunnel.
Step 1: Remove the redirect-gateway directive from the .ovpn file.
Step 2: Add the following configuration to define the split tunnel destination IP ranges:
route-nopull
route 192.168.168.0 255.255.255.0
route 192.168.169.0 255.255.255.0
Once the .ovpn file has been edited, please upload it to the OpenVPN client and verify that the split tunnel is working correctly. The OpenVPN client should be able to access 192.168.168.1
Categories
- All Categories
- 435 Beta Program
- 2.7K Nebula
- 176 Nebula Ideas
- 120 Nebula Status and Incidents
- 6.1K Security
- 436 USG FLEX H Series
- 299 Security Ideas
- 1.6K Switch
- 80 Switch Ideas
- 1.2K Wireless
- 44 Wireless Ideas
- 6.7K Consumer Product
- 276 Service & License
- 430 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 89 Security Highlight