OpenVPN allow only specific subnet/IP to use VPN

Spread the love

I had a VPN to access a database. Now it was hosted at the other end of the world (because most of the Devs were there). It was causing my whole internet to be slowed down. So, I had to find the IP of the DB. So, for that I used Resource monitor of windows to find the IP of the DB service (SSMS was connecting to that IP) and configured in OPENVPN config to route only this IP range (Subnet).

e.g. config:

pull-filter ignore "redirect-gateway"
#ignore-unknown-option block-outside-dns
#setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
route vpn_gateway

I have disabled the ‘redirect-gateway’ and removed the DNS leak (If you work on some internal IP or very confidential project, then you may be required to use the DNS provided by VPN server. For that I don’t have solution).

Then I have added the route, which needs to be route through the VPN. It’s not a sepcific IP but a range from –

Now my SSMS is connecting to the server using VPN and other websites are working without VPN.

Further there may be websites which are only accessible through the VPN. So, you need to add the internal IP of each website (Yeah, it’s very long process) in the host file


In the above case ‘’ is the public IP of your website (If available through public DNS, else I think we can skip this line), then is the internal IP of website. So, what we are doing is, we are redirecting the request to internal IP and then internal IP is mapped your website. This way your DNS will work properly for internal websites. You can get the internal IP of website by connecting to VPN using the untouched configuration and tracing the route using the ‘tracert’ command.

Also add the internal IP in the config file:


route vpn_gateway

Cheers and Peace out!!!