Bruno9779
  • 1.4k
  • 6
  • 19

Openvpn issues with routing and config pushing

I have recently installed an OpenVPN server on GCP, in a Docker container, from https://github.com/kylemanna/docker-openvpn.

The Docker host has packet forwarding enabled.

Now I am struggling with the configuration. I can connect to the server with my OpenVPN client, but I end up either routing all traffic through the VPN or no traffic at all.

Here is my config:

    server 172.21.208.0 255.255.248.0
    verb 3
    key /etc/openvpn/pki/private/mycompany.key
    ca /etc/openvpn/pki/ca.crt
    cert /etc/openvpn/pki/issued/mycompany.net.crt
    dh /etc/openvpn/pki/dh.pem
    tls-auth /etc/openvpn/pki/ta.key
    key-direction 0
    keepalive 10 60
    persist-key
    persist-tun
    proto udp
    # Rely on Docker to do port mapping, internally always 1194
    port 1194
    dev tun
    status /tmp/openvpn-status.log
    user nobody
    group nogroup

    ### Route Configurations Below
    route 10.250.0.0 255.255.255.0

    ### Push Configurations Below
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    push "route 10.250.0.0 255.255.255.0"

I have 2 issues here:

  1. I don't understand what I should put in the local route at the bottom, before the pushes.
  2. "redirect-gateway def1" is added to client.ovpn, but I don't see any config that controls that behaviour. If I don't remove this from client.ovpn, all traffic is routed through the VPN, but I only need to route 10.250.0.0/24 and access all other addresses directly through my local gateway.

I need the VPN connection to reach the machines in the same subnet the OpenVPN server is in, and nothing more. I don't need my local network to be accessible from GCP, but I understand I need a route to send the packets back to the client (hence the confusion about that route directive).

My local network has class C private addresses (192.168.x.x). The remote subnet has CIDR 10.250.0.0/24. The VPN clients and server get class B addresses (172.21.208.0/21).

Thanks
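A split-tunnel server configuration for the layout described in the question, added here as an example; it is neither the poster's file nor the file the docker-openvpn image generates. Addresses and PKI paths are taken from the question; everything else is assumed:

```conf
# Added example, not the poster's config: split-tunnel server.conf for
# VPN pool 172.21.208.0/21 and GCP subnet 10.250.0.0/24.
server 172.21.208.0 255.255.248.0
proto udp
port 1194
dev tun
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/mycompany.net.crt
key /etc/openvpn/pki/private/mycompany.key
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun
user nobody
group nogroup
status /tmp/openvpn-status.log
verb 3

# Clients are told to send only the GCP subnet into the tunnel. Every
# other destination keeps using the client's own local gateway.
push "route 10.250.0.0 255.255.255.0"

# Deliberately absent: push "redirect-gateway def1". That one directive
# is what turns this into a full tunnel (all client traffic, DNS
# included, leaves through the GCP instance). When it sits in client.ovpn
# it is a client-side line and can simply be removed from that file.

# Deliberately absent: a plain "route 10.250.0.0 255.255.255.0".
# "route" without "push" adds a kernel route on the VPN host that points
# into the tun device. It is only needed when a *client* has a LAN behind
# it that the server must reach, paired with "iroute" in that client's
# ccd file. Here 10.250.0.0/24 is the server side's own subnet, so such a
# route would send packets meant for it back into the tunnel, where no
# client claims them, instead of out to the subnet.

# DNS push is optional; with a split tunnel these queries travel over the
# client's normal path, not through the VPN.
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
```

Return traffic still needs a path: hosts in 10.250.0.0/24 do not know 172.21.208.0/21, so either masquerade VPN-client traffic on the VPN host (an iptables POSTROUTING MASQUERADE rule for source 172.21.208.0/21) or add a VPC route for that prefix pointing at the instance.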
