Adding restricted route to VPN host (self)

Hello,

When I add a server in Pritunl, it creates a default route 0.0.0.0/0 that will route all connections through the VPN. This works properly for connections to the VPN host as well (e.g. accessing other services like a Redis server, DB server, etc.).

However, I only want the VPN to route certain IPs; I've added some different IPs xxx.xxx.xxx.xxx/32 and they all work properly. But when I try to add the IP of the VPN host, the connection breaks. I need to add the VPN host so I can access some other services running on other ports of the VPN host.

Is there a way to make that work with Pritunl by restricting routes to certain IPs, including the VPN host itself?

The public IP address of the Pritunl host cannot be added to the routes; this would break the ability to send VPN packets. The internal VPN subnet IP address of the host will always get routed, and there also shouldn't be any issues routing the local IP address of the Pritunl host.

When I remove the 0.0.0.0/0 route and add xxx.xxx.xx.xxx/32 routes, the VPN routes those /32 addresses through the VPN, and the firewalls are configured to allow the VPN through (i.e. the firewall allows connections from the VPN host).

But when I try to connect to the VPN host IP, since it's not in the route list, it routes through my ISP address, and the firewall blocks it because the connection is not from the VPN host address.

Is there a way to tell the VPN host (other service ports) that the connection is coming from the VPN host after the user is connected to the VPN? This is for firewall usage.

You will need to connect to the host with the local IP address, if routed, or with the virtual VPN IP address, which is the first address in the virtual VPN network.

How would I do that manually? Typically when I add the xxx.xxx.xxx.xxx/32 route, the VPN client would add the route at higher priority so it would route through the VPN.

Without adding the route to the VPN host, the standard route table will route through my ISP IP address instead of the VPN tunnel.
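The advice above is to reach services on the Pritunl host through its virtual VPN address (the first address of the virtual network) rather than its public IP, which must stay outside the tunnel. The following script is an added example, not code from this thread or from Pritunl: it derives that virtual address from the server's virtual network and uses `ip route get` on the client to confirm the public IP still leaves via the physical interface while the virtual IP goes through the tunnel. The subnet, public IP and interface name are constructed placeholders.

```shell
#!/bin/sh
# Added example; the values below are constructed, not taken from the thread.
VPN_NET="192.168.234.0/24"     # Pritunl server "Virtual Network" (constructed)
HOST_PUBLIC_IP="203.0.113.10"  # public IP of the Pritunl host (constructed)
TUN_IF="tun0"                  # tunnel interface on the client (assumed name)

# First usable address of a CIDR block. Pritunl gives this address to the
# server itself, so it is the one to use for other services on the VPN host.
vpn_host_ip() {
    cidr="$1"
    ip_part="${cidr%/*}"; prefix="${cidr#*/}"
    oldIFS=$IFS; IFS=.
    set -- $ip_part            # split dotted quad into $1..$4
    IFS=$oldIFS
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    first=$(( (n & mask) + 1 ))
    printf '%d.%d.%d.%d\n' $(( (first >> 24) & 255 )) $(( (first >> 16) & 255 )) \
        $(( (first >> 8) & 255 )) $(( first & 255 ))
}

# Interface the kernel would use to reach a destination (empty if unroutable).
route_dev() {
    ip route get "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

main() {
    host_vip=$(vpn_host_ip "$VPN_NET")
    echo "virtual IP of the Pritunl host: $host_vip"
    command -v ip >/dev/null 2>&1 || { echo "ip(8) not found; skipping route checks"; return 0; }

    # The public IP must NOT be routed into the tunnel: the tunnel's own
    # packets would then be sent through the tunnel and the VPN breaks.
    pub_dev=$(route_dev "$HOST_PUBLIC_IP")
    if [ "$pub_dev" = "$TUN_IF" ]; then
        echo "WARN $HOST_PUBLIC_IP -> $TUN_IF (public IP routed into the tunnel; VPN will break)"
    else
        echo "OK   $HOST_PUBLIC_IP -> ${pub_dev:-unknown} (outside the tunnel, as required)"
    fi

    # The virtual IP should be routed through the tunnel by the VPN client.
    vip_dev=$(route_dev "$host_vip")
    if [ "$vip_dev" = "$TUN_IF" ]; then
        echo "OK   $host_vip -> $TUN_IF (use this address for services on the host)"
    else
        echo "WARN $host_vip -> ${vip_dev:-unknown} (expected $TUN_IF; is the VPN up?)"
    fi
}

main "$@"
```

Run it on the client while connected; a WARN on the second check means the virtual network is not being routed through the tunnel, which is the route that must be present.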