通过情况下大家配置VPN时,都会直接把默认网关指向服务端。但是这会影响访问公司内网资源,造成一些不便。如果只是希望走VPN访问部分外网资源,可以不让VPN客户端改默认的网关,通过加一些路由表使得到特定地址走VPN。
比如我在公司的时候只是需要访问一下google,可以在VPN服务端新增配置,其中把push redirect-gateway def1 bypass-dhcp给直接注释掉,新push了很多路由表到客户端。另外,在客户端也需要把redirect-gateway给注释掉。这样启动后可以看到只是注入特定的路由表,没有改默认路由。
附上服务端配置:
port 600xxxproto udpdev tunca key/ca.crtcert key/server.crtkey key/server.key # This file should be kept secretdh key/dh1024.pemserver 10.99.1.0 255.255.255.0ifconfig-pool-persist ipp.txtpush "dhcp-option DNS 208.67.220.220"push "dhcp-option DNS 208.67.222.222"#push redirect-gateway def1 bypass-dhcpkeepalive 10 30comp-lzomax-clients 60user nobodygroup nogrouppersist-keypersist-tunstatus openvpn-google.logverb 3mute 20duplicate-cn
add google route rulepush “route 207.223.160.0 255.255.240.0 “push “route 66.249.85.0 255.255.255.0 “push “route 66.249.83.0 255.255.255.0 “push “route 74.125.130.0 255.255.255.0 “push “route 192.178.0.0 255.254.0.0 “push “route 64.233.160.0 255.255.255.0 “push “route 74.125.17.0 255.255.255.0 “push “route 66.249.72.0 255.255.255.0 “push “route 173.194.112.0 255.255.255.0 “push “route 173.194.98.0 255.255.255.0 “push “route 173.194.140.0 255.255.255.0 “push “route 74.125.196.0 255.255.255.0 “push “route 173.194.78.0 255.255.255.0 “push “route 209.85.238.0 255.255.255.0 “push “route 72.14.208.0 255.255.254.0 “push “route 64.233.164.0 255.255.255.0 “push “route 8.15.202.0 255.255.255.0 “push “route 74.125.142.0 255.255.255.0 “push “route 108.177.0.0 255.255.128.0 “push “route 74.125.203.0 255.255.255.0 “push “route 74.125.58.0 255.255.255.0 “push “route 173.194.141.0 255.255.255.0 “push “route 72.14.244.0 255.255.254.0 “push “route 173.194.73.0 255.255.255.0 “push “route 72.14.225.0 255.255.255.0 “push “route 74.125.193.0 255.255.255.0 “push “route 74.125.239.0 255.255.255.0 “push “route 173.255.112.0 255.255.240.0 “push “route 173.194.119.0 255.255.255.0 “push “route 66.249.64.0 255.255.224.0 “push “route 66.249.70.0 255.255.255.0 “push “route 74.125.190.0 255.255.255.0 “push “route 74.125.70.0 255.255.255.0 “push “route 74.125.206.0 255.255.255.0 “push “route 74.125.198.0 255.255.255.0 “push “route 173.194.75.0 255.255.255.0 “push “route 8.34.208.0 255.255.248.0 “push “route 74.125.19.0 255.255.255.0 “push “route 74.125.131.0 255.255.255.0 “push “route 66.102.4.0 255.255.255.0 “push “route 173.194.76.0 255.255.255.0 “push “route 8.34.216.0 255.255.248.0 “push “route 66.249.79.0 255.255.255.0 “push “route 66.249.90.0 255.255.255.0 “push “route 162.216.148.0 255.255.252.0 “push “route 173.194.32.0 255.255.255.0 “push “route 173.194.142.0 255.255.255.0 “push “route 74.125.238.0 255.255.255.0 “push “route 74.125.18.0 255.255.255.0 “push “route 74.125.234.0 255.255.255.0 “push “route 173.194.79.0 255.255.255.0 “push “route 173.194.40.0 255.255.255.0 “push “route 66.249.64.0 255.255.255.0 “push “route 74.125.68.0 255.255.255.0 “push “route 74.125.43.0 255.255.255.0 “push “route 192.158.28.0 255.255.252.0 “push “route 8.35.192.0 255.255.248.0 “push “route 74.125.0.0 255.255.0.0 “push “route 209.85.128.0 255.255.128.0 “push “route 66.249.67.0 255.255.255.0 “push “route 66.249.84.0 255.255.255.0 “push “route 1.2.3.0 255.255.255.0 “push “route 74.125.232.0 255.255.255.0 “push “route 173.194.96.0 255.255.255.0 “push “route 74.125.118.0 255.255.255.0 “push “route 74.125.28.0 255.255.255.0 “push “route 173.194.121.0 255.255.255.0 “push “route 70.32.144.0 255.255.255.0 “push “route 74.125.186.0 255.255.255.0 “push “route 74.125.31.0 255.255.255.0 “push “route 64.233.166.0 255.255.255.0 “push “route 74.125.207.0 255.255.255.0 “push “route 8.8.8.0 255.255.255.0 “push “route 173.194.65.0 255.255.255.0 “push “route 74.125.138.0 255.255.255.0 “push “route 173.194.34.0 255.255.255.0 “push “route 74.125.192.0 255.255.255.0 “push “route 66.249.91.0 255.255.255.0 “push “route 74.125.229.0 255.255.255.0 “push “route 74.125.88.0 255.255.254.0 “push “route 74.125.37.0 255.255.255.0 “push “route 74.125.40.0 255.255.255.0 “push “route 74.125.176.0 255.255.255.0 “push “route 64.233.171.0 255.255.255.0 “push “route 173.194.70.0 255.255.255.0 “push “route 193.142.125.0 255.255.255.0 “push “route 74.125.187.0 255.255.255.0 “push “route 74.125.29.0 255.255.255.0 “push “route 74.125.16.0 255.255.255.0 “push “route 66.249.65.0 255.255.255.0 “push “route 173.194.66.0 255.255.255.0 “push “route 74.125.202.0 255.255.255.0 “push “route 173.194.68.0 255.255.255.0 “push “route 173.194.120.0 255.255.255.0 “push “route 173.194.113.0 255.255.255.0 “push “route 216.239.38.0 255.255.255.0 “push “route 146.148.0.0 255.255.128.0 “push “route 64.233.160.0 255.255.224.0 “push “route 66.102.2.0 255.255.255.0 “push “route 66.249.88.0 255.255.255.0 “push “route 72.14.192.0 255.255.192.0 “push “route 66.249.78.0 255.255.255.0 “push “route 173.194.45.0 255.255.255.0 “push “route 74.125.183.0 255.255.255.0 “push “route 74.125.230.0 255.255.255.0 “push “route 74.125.129.0 255.255.255.0 “push “route 70.32.148.0 255.255.254.0 “push “route 172.253.0.0 255.255.0.0 “push “route 74.125.116.0 255.255.255.0 “push “route 173.194.97.0 255.255.255.0 “push “route 64.233.186.0 255.255.255.0 “push “route 23.236.48.0 255.255.240.0 “push “route 74.125.76.0 255.255.255.0 “push “route 74.125.26.0 255.255.255.0 “push “route 74.125.36.0 255.255.255.0 “push “route 74.125.63.0 255.255.255.0 “push “route 66.249.80.0 255.255.255.0 “push “route 142.250.0.0 255.254.0.0 “push “route 173.194.124.0 255.255.255.0 “push “route 64.233.172.0 255.255.255.0 “push “route 173.194.43.0 255.255.255.0 “push “route 23.251.128.0 255.255.224.0 “push “route 74.125.235.0 255.255.255.0 “push “route 162.222.176.0 255.255.248.0 “push “route 74.125.137.0 255.255.255.0 “push “route 173.194.72.0 255.255.255.0 “push “route 173.194.136.0 255.255.255.0 “push “route 74.125.188.0 255.255.255.0 “push “route 74.125.185.0 255.255.255.0 “push “route 173.194.42.0 255.255.255.0 “push “route 74.125.226.0 255.255.255.0 “push “route 74.125.227.0 255.255.255.0 “push “route 216.239.35.0 255.255.255.0 “push “route 1.0.0.0 255.255.255.0 “push “route 173.194.46.0 255.255.255.0 “push “route 74.125.205.0 255.255.255.0 “push “route 216.239.34.0 255.255.255.0 “push “route 74.125.117.0 255.255.255.0 “push “route 173.194.44.0 255.255.255.0 “push “route 74.125.182.0 255.255.255.0 “push “route 74.125.178.0 255.255.255.0 “push “route 74.125.30.0 255.255.255.0 “push “route 216.239.39.0 255.255.255.0 “push “route 74.125.231.0 255.255.255.0 “push “route 66.249.92.0 255.255.255.0 “push “route 66.102.0.0 255.255.240.0 “push “route 216.239.44.0 255.255.254.0 “push “route 74.125.74.0 255.255.255.0 “push “route 173.194.33.0 255.255.255.0 “push “route 216.58.192.0 255.255.224.0 “push “route 173.194.117.0 255.255.255.0 “push “route 74.125.191.0 255.255.255.0 “push “route 74.125.22.0 255.255.255.0 “push “route 173.194.35.0 255.255.255.0 “push “route 74.125.201.0 255.255.255.0 “push “route 216.239.32.0 255.255.224.0 “push “route 74.125.121.0 255.255.255.0 “push “route 66.249.89.0 255.255.255.0 “push “route 108.59.80.0 255.255.240.0 “push “route 74.125.224.0 255.255.255.0 “push “route 172.217.0.0 255.255.0.0 “push “route 74.125.119.0 255.255.255.0 “push “route 113.197.106.0 255.255.255.0 “push “route 64.233.173.0 255.255.255.0 “push “route 66.102.3.0 255.255.255.0 “push “route 74.125.177.0 255.255.255.0 “push “route 74.125.41.0 255.255.255.0 “push “route 74.125.189.0 255.255.255.0 “push “route 74.125.24.0 255.255.255.0 “push “route 74.125.236.0 255.255.255.0 “push “route 74.125.143.0 255.255.255.0 “push “route 8.35.200.0 255.255.248.0 “push “route 173.194.67.0 255.255.255.0 “push “route 72.14.228.0 255.255.255.0 “push “route 173.194.36.0 255.255.255.0 “push “route 74.125.184.0 255.255.255.0 “push “route 64.233.168.0 255.255.255.0 “push “route 173.194.41.0 255.255.255.0 “push “route 74.125.90.0 255.255.254.0 “push “route 173.194.118.0 255.255.255.0 “push “route 173.194.37.0 255.255.255.0 “push “route 107.178.192.0 255.255.192.0 “push “route 173.194.0.0 255.255.0.0 “push “route 74.125.180.0 255.255.255.0 “push “route 74.125.200.0 255.255.255.0 “push “route 74.125.233.0 255.255.255.0 “push “route 74.125.122.0 255.255.255.0 “push “route 70.32.128.0 255.255.224.0 “push “route 130.211.0.0 255.255.0.0 “push “route 74.125.237.0 255.255.255.0 “push “route 74.125.42.0 255.255.255.0 “push “route 173.194.64.0 255.255.255.0 “push “route 74.125.20.0 255.255.255.0 “push “route 173.194.127.0 255.255.255.0 “push “route 74.125.128.0 255.255.255.0 “push “route 173.194.39.0 255.255.255.0 “push “route 74.125.194.0 255.255.255.0 “push “route 66.249.77.0 255.255.255.0 “push “route 173.194.69.0 255.255.255.0 “push “route 74.125.136.0 255.255.255.0 “push “route 74.125.54.0 255.255.254.0 “push “route 173.194.99.0 255.255.255.0 “push “route 66.249.74.0 255.255.255.0 “push “route 66.249.93.0 255.255.255.0 “push “route 66.249.69.0 255.255.255.0 “push “route 74.125.25.0 255.255.255.0 “push “route 74.125.228.0 255.255.255.0 “push “route 64.233.165.0 255.255.255.0 “push “route 216.239.36.0 255.255.255.0 “push “route 173.194.91.0 255.255.255.0 “push “route 74.125.21.0 255.255.255.0 “push “route 74.125.73.0 255.255.255.0 “push “route 216.239.32.0 255.255.255.0 “push “route 108.170.192.0 255.255.192.0 “push “route 199.223.232.0 255.255.248.0 “push “route 74.125.225.0 255.255.255.0 “push “route 199.192.112.0 255.255.252.0 “push “route 173.194.77.0 255.255.255.0 “push “route 66.249.73.0 255.255.255.0 “push “route 66.249.81.0 255.255.255.0 “push “route 64.233.167.0 255.255.255.0 “push “route 8.8.4.0 255.255.255.0 “push “route 74.125.72.0 255.255.255.0 “push “route 74.125.135.0 255.255.255.0 “push “route 74.125.45.0 255.255.255.0 “push “route 216.239.33.0 255.255.255.0 “push “route 107.167.160.0 255.255.224.0 “push “route 173.194.38.0 255.255.255.0 “push “route 1.1.1.0 255.255.255.0 “push “route 74.125.195.0 255.255.255.0 “push “route 74.125.204.0 255.255.255.0 “push “route 173.194.126.0 255.255.255.0 “push “route 74.125.23.0 255.255.255.0 “push “route 66.249.66.0 255.255.255.0 “push “route 66.249.76.0 255.255.255.0 “push “route 173.194.71.0 255.255.255.0 “push “route 74.125.181.0 255.255.255.0 “# add opendns route rulepush “route 208.67.0.0 255.255.0.0 "
客户端配置:```bash
clientdev tunproto udpremote xx.xx.xx.xx 60xxxresolv-retry infinitenobindpersist-keypersist-tunca openvzca.crtcert openvz.crtkey openvz.keyns-cert-type servercomp-lzoverb 3mute 20keepalive 20 60;redirect-gatewaymax-routes 10000