问题
I would like my PC to connect to a server running OpenVPN + Samba + file management software. How would I setup so that the PC only connects to the server without tunneling all the internet traffic to the VPN? I would like to keep the Samba Share connection encrypted.
回答1:
You shouldn't push the default route from your OpenVPN server - you push only routes to the network you want to access. For example I have OpenVPN running on internal network, so in OpenVPN server.conf I have this:
push "route 10.10.2.0 255.255.255.0"
push "route 172.16.2.0 255.255.255.0"
This will cause Windows OpenVPN client to add only routes for these 2 networks after connect, so it won't affect the default route and internet traffic.
One caveat is that at least Windows 7 recognizes different networks by their gateways. If the network doesn't have a gateway, Windows is unable to recognize the network and you are unable to choose if is it Home/Work/Public network (which would deny samba access if using Windows Firewall).
The workaround I use is to add a default gateway route with big metric (999), so that it is never used for routing by Windows. I have this in the clients config file, but probably it can be put also to the server's config.
# dummy default gateway because of win7 network identity
route 0.0.0.0 0.0.0.0 vpn_gateway 999
来源:https://stackoverflow.com/questions/15078250/samba-share-over-openvpn-split-tunneling