How to avoid KDE vpn to redirect all traffic through the VPN?

Hello :slight_smile:

I just setup a VPN server with OpenVPN on a remote machine. It seems to work so far.

I created a client configuration and keys on my Debian+KDE computer and when I start the VPN client through command-line:

sudo openvpn --config ~/client.ovpn

The VPN connects and I can ping VPN devices and Internet:

ping 10.8.x.x #works
ping example.com #works, because not redirected through the VPN

After, I am configuring the VPN client through the “Configure Network connections” by “Add new connection” and then “Import VPN connection”

This connects correctly, and I can ping VPN local devices, but I can’t reach Internet because all traffic attempt to go through the VPN. This is intended as a business VPN to access related servers, it does not accept internet outgoing traffic, and cannot relay unrelated traffic to Internet.

ping 10.8.x.x #Works
ping example.com #Does not work -> trying to go through the VPN

Due to this, I suspect the KDE VPN management to add some redirecting rule. But I could not find how to avoid it.I am looking for some “Use this connection only for resources on its network” or similar configuration.

The client configuration is:

client
dev tun
proto udp
remote <VPN-SERVER-IP> <PORT>
resolv-retry infinite
nobind
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
cipher AES-256-CBC
verb 3
tls-auth ta.key 1

Question

How to avoid the KDE VPN GUI to redirect all internet through the VPN?

My machine is:
Debian Bullseye with KDE Plasma.

Best regards
Adrian

I’m not an expert in VPNs, but this sounds more like a configuration issue with NetworkManager or the VPN itself than it does an issue with any KDE software.

Hi :slight_smile:
Actually, when I run the configuration from command line, all works as expected.
Consequently, I deduce that the KDE NetworkManager does something more than just what the openvpn client configuration tells it to do.

I don’t know what the KDE NetworkManager does, so my only option is to ask here. The other alternative is to use the command-line (what I am currently doing), but I use a great and shiny KDE Plasma exactly to avoid command-lines all the time.

Apparently Gnome has the same issue. This seems to be an issue with NetworkManager:

From what I gather using openvpn from the cli respects the default gateway set in the ovpn server, but network manager lacks the ability to apply the routing correctly somehow.

(Hope that makes sense, I’m not very good with networks :slight_smile: )

4 Likes

Hi :slight_smile:

I managed to make it to work:

  1. I went to IPv4 and switched to “Manual”
  2. Added the VPN address and mask.
  3. Open “Route” and added the “push” instruction there.
  4. In the same “Route” interface, select “Use only for resources on this connection”.

With this, all seems to work properly. Consequently, my only remainding criticism is that this could be automatic when importing the ovpn file, and when receiving the push instruction from the server.