Redirect a specific external IP address traffic via the VPN


Hello, I need help.

Clients connect to the Nethserver via VPN. Nethserver services are accessed via the VPN, all other internet traffic accesses the internet locally regardless of the VPN.

The public IP address of the clients is dynamic and this causes problems. The clients should connect to another public server that uses a White List to allow the connection, but this requires a fixed IP on the client side, which it doesn’t have. Nethserver has a public static IP address.

I was wondering if I could take advantage of this and redirect traffic to the other server on the client via Nethserver’s VPN?

If this can be solved, how should I deal with it?

Thanks and Regards

This can be done, using a “pushed” route specific for this access to the NethServer.
All “other” Internet access would be done directly from the local device (VPN client).

This can be included in the OpenVPN config file distributed to clients.

The targets whitelist should cover the gateway public IP of your NethServer - and maybe also the internal VPN IP (Which can be “fixed” pro VPN client…). This would need additional tests.

As to specifics, like a howto, it would be very difficult, as no versions are stated.
Are you using NethServer 1.0? :slight_smile:

My 2 cents

1 Like

Hi Andy,

I still use the NethServer release 7.9.2009 (final) version :slight_smile:

Do you have a solution?



I’m rather busy doing a migration :slight_smile: but this here may help.

More info on Gateways: in OpenVPN configs

→ You need to push the external IP of the RDP Server to access and the gateway for the client to use (Your nethServer’s IP.

You can manually add this info (AFAIK) directly to the OpenVPN config file before forwarding this to the client…

Hope this helps

My 2 cents

I know that the push “route /32” line should be added to the openVPN server config. is the IP address of the server that the clients would reach via the Nethserver VPN, the traffic for this would be redirected from the client side to the VPN.

I entered the <specified-host-IP-address/32 line in the Custom routes setting of the Road Warrior server. This created the push “route” line in host-to-net.conf.

I connect to the Nethserver with the client via VPN and type into the browser on the client, but it rejects the connection with a timed out.

I do something wrong?


As said, it may be possible that MS-RDP transports it’s origin IP - the IP the VPN is using.
This may also need to be whitelisted at the site of that MS server…

My 2 cents

Sorry, I don’t understand. I don’t use MS-RDP and I’d like to connect to an SFTP share. There is no MS server anywhere…

I would like to connect to the SFTP server with its IP address on the WAN interface of the Nethserver through the VPN connection to the Nethserver.