How to prevent the KDE VPN from redirecting all traffic through the VPN?

Hello 🙂

I just set up a VPN server with OpenVPN on a remote machine. It seems to work so far.

I created a client configuration and keys on my Debian+KDE computer and when I start the VPN client through the command line:

sudo openvpn --config ~/client.ovpn

The VPN connects and I can ping VPN devices and Internet:

ping 10.8.x.x #works
ping example.com #works, because not redirected through the VPN

Afterwards, I configured the VPN client through “Configure Network connections”, using “Add new connection” and then “Import VPN connection”.

This connects correctly, and I can ping VPN local devices, but I can’t reach the Internet because all traffic attempts to go through the VPN. This is intended as a business VPN to access related servers; it does not accept outgoing Internet traffic, and cannot relay unrelated traffic to the Internet.

ping 10.8.x.x #Works
ping example.com #Does not work -> trying to go through the VPN

Due to this, I suspect the KDE VPN management adds some redirecting rule, but I could not find how to avoid it. I am looking for some “Use this connection only for resources on its network” or similar configuration.

The client configuration is:

client
dev tun
proto udp
remote <VPN-SERVER-IP> <PORT>
resolv-retry infinite
nobind
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
cipher AES-256-CBC
verb 3
tls-auth ta.key 1

Question

How to prevent the KDE VPN GUI from redirecting all Internet traffic through the VPN?

My machine is:
Debian Bullseye with KDE Plasma.

Best regards
Adrian

I’m not an expert in VPNs, but this sounds more like a configuration issue with NetworkManager or the VPN itself than it does an issue with any KDE software.

Hi 🙂
Actually, when I run the configuration from command line, all works as expected.
Consequently, I deduce that the KDE NetworkManager does something more than just what the openvpn client configuration tells it to do.

I don’t know what the KDE NetworkManager does, so my only option is to ask here. The other alternative is to use the command-line (what I am currently doing), but I use a great and shiny KDE Plasma exactly to avoid command-lines all the time.

Apparently Gnome has the same issue. This seems to be an issue with NetworkManager:

From what I gather, using openvpn from the CLI respects the default gateway set in the ovpn server, but NetworkManager lacks the ability to apply the routing correctly somehow.

(Hope that makes sense, I’m not very good with networks 🙂)


Hi 🙂

I managed to make it work:

  1. I went to IPv4 and switched to “Manual”
  2. Added the VPN address and mask.
  3. Opened “Route” and added the “push” instruction there.
  4. In the same “Route” interface, selected “Use only for resources on this connection”.

With this, all seems to work properly. Consequently, my only remaining criticism is that this could be automatic when importing the ovpn file, and when receiving the push instruction from the server.
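
What the four GUI steps in the post above amount to in the saved connection profile, as an added example that is not part of the original posts: a short Python check over NetworkManager keyfile text that reports whether a VPN profile may still take the default route. The profile name, the addresses and both sample keyfiles are constructed, and it is an assumption that the GUI stores the steps as the keyfile keys method, address1, route1 and never-default.

```python
import configparser

# Constructed keyfile text for an imported OpenVPN profile (made-up name).
FULL_TUNNEL = """\
[connection]
id=business-vpn
type=vpn

[vpn]
service-type=org.freedesktop.NetworkManager.openvpn

[ipv4]
method=auto
"""

# The same profile after the four GUI steps (constructed; assumed key names).
SPLIT_TUNNEL = """\
[connection]
id=business-vpn
type=vpn

[vpn]
service-type=org.freedesktop.NetworkManager.openvpn

[ipv4]
method=manual
address1=10.8.0.6/24
route1=10.8.0.0/24
never-default=true
"""

def audit_profile(keyfile_text):
    """Return (may_take_default_route, static_routes) for one VPN profile."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(keyfile_text)
    if cfg.get("connection", "type", fallback="") != "vpn":
        raise ValueError("not a VPN profile")
    ipv4 = cfg["ipv4"] if cfg.has_section("ipv4") else {}
    # never-default is false unless "Use only for resources on this
    # connection" is ticked; false lets the VPN become the default route.
    never_default = str(ipv4.get("never-default", "false")).lower() == "true"
    # route1, route2, ... hold "destination/prefix[,next-hop[,metric]]".
    routes = [v.split(",")[0] for k, v in ipv4.items()
              if k.startswith("route") and k[5:].isdigit()]
    return (not never_default, routes)

if __name__ == "__main__":
    for name, text in (("imported", FULL_TUNNEL), ("fixed", SPLIT_TUNNEL)):
        print(name, audit_profile(text))
```

Saved profiles are normally stored under /etc/NetworkManager/system-connections/ and are readable only by root.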

Hi @Escain, I’ve been trying to replicate this workaround you mention but I don’t understand steps 2 and 3. Where did you add the VPN address and mask? And where is the push instruction in the routes dialog?

I do not know if the solution is viable more than one year later, but the instructions are to right-click the networks icon in the system tray and select configure network connections.

Then in there, click the vpn you added, select the ipv4 tab, click Add and follow point 2-4.

But the settings really should be accepted from the config of the vpn server AFAIK so this leaves me to think the server config might be incorrect.

Remember that the 2 networks you are trying to connect with each other CAN NOT be on the same subnet, i.e. both can NOT be for example 192.168.1.x.
192.168.1.x <==> 192.168.2.x works fine.
IF they are, you have to set up a bunch of rerouting and stuff.

Hi, thanks, but @Escain's post is from last December. I know how to get to the VPN configuration, I just don’t see the “push” instruction in the routes dialog. I’m also not sure how to get the VPN address and mask.