From d520a58ec4ad62f0250de34606070c9da43830b7 Mon Sep 17 00:00:00 2001 From: Edward Vielmetti Date: Mon, 30 Nov 2015 16:27:46 -0500 Subject: [PATCH] Split tunnels, as documented in #51 Taking text from #51 and putting in into the FAQ to make it that much easier to find. --- docs/faqs.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/faqs.md b/docs/faqs.md index 7ed633d..61465f1 100644 --- a/docs/faqs.md +++ b/docs/faqs.md @@ -12,3 +12,9 @@ Use a Docker image with a text editor pre-installed (i.e. Ubuntu) and connect th The run-time image (`kylemanna/openvpn`) is intended to be an ephemeral image. Nothing should be saved in it so that it can be re-downloaded and re-run when updates are pushed (i.e. newer version of OpenVPN or even Debian). The data container contains all this data and is attached at run time providing a safe home. If it was all in one container, an upgrade would require a few steps to extract all the data, perform some upgrade import, and re-run. This technique is also prone to people losing their EasyRSA PKI when they forget where it was. With everything in the data container upgrading is as simple as re-running `docker pull kylemanna/openvpn` and then `docker run ... kylemanna/openvpn`. + +## How do I set up a split tunnel? + +Split tunnels are configurations where only some of the traffic from a client goes to the VPN, with the remainder routed through the normal non-VPN interfaces. You'll want to disable a default route (-d) when you generate the configuration, but still use NAT (-N) to keep network address translation enabled. + + ovpn_genconfig -N -d ...
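Review bot: In the added "How do I set up a split tunnel?" answer, the text says to disable the default route with -d but never says how the client learns which networks should still go through the VPN, so a reader following only the `ovpn_genconfig -N -d ...` line cannot tell which traffic ends up tunnelled. Please add a sentence on which routes the client receives once the default route is off, and say what the `...` stands for or link to #51, since the commit message says the text comes from there. The phrase "use NAT (-N) to keep network address translation enabled" repeats itself without saying why NAT is wanted in a split-tunnel setup; one clause of explanation would help. The flags in the prose should also be written as `-d` and `-N` in backticks, matching the inline code style the surrounding FAQ entries already use for `kylemanna/openvpn` and `docker pull kylemanna/openvpn`.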