How do I configure a VPN so that it only provides access to a remote desktop without routing local traffic?

How can I configure a corporate VPN, used to access a remote desktop, so that the traffic from my own local desktop doesn't go through this VPN? I know that in Windows 10 it's done by unchecking "Use default gateway on remote network".

As you’ve probably noticed, I’m a newbie, so excuse me for possibly unclear request formulation.

Hi @Dawg, and welcome!

While I've never done it, it's called policy routing or split routing and is handled by iptables. So it can be configured more easily with firewalld or ufw (and probably gufw as well).

I’ve done quite a bit of reading up on it, as I want to implement it at home, but I don’t have the necessary stuff yet, so I only know what I want to do, not how to do it. But maybe you can look deeper into it, now that you can put a name to it.

It would help if the VPN protocol is known…

Thank you very much! I’m going to try it out after my work shift is over.

The VPN protocol doesn’t much matter if you do it with iptables. Well, at least not AFAIK. If there’s any other way to do it, I don’t know how.

Have a look here, maybe it helps:


Also see here

(Although I know it’ll be thorough and all, I don’t know how much will be applicable.)


You’re right. It’s L2TP.

You can play around with iptables routes. However, it is not necessary and not easy. You just need to prevent a change in the default route.

If you use NetworkManager, edit your VPN connection, go to IPv4 Settings, click on “Routes…” and set “Use this connection only for resources on its network”.

Unfortunately, if your L2TP VPN tries to set up its routes manually, this might not work. You can always delete the default route and go back to your original route. But this is not easy.

Configure a static route for the tunnel using the subnet on the remote site.

Unfortunately, setting "Use this connection only for resources on its network" doesn't let me connect to the remote desktop.

So it is not on the VPN network; maybe it's behind another network. You can still set additional static routes for specific network address spaces. For this to work, you would need to know the address spaces your remote desktop is located in.

However, you should ask your corporate IT Department for more information on this.
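The NetworkManager setting described above ("Use this connection only for resources on its network") plus a static route for the remote desktop's subnet can be scripted with nmcli, and the outcome can be verified from the routing table. The following is an added example, not code from anyone in this thread. The connection name `corp-vpn`, the tunnel device `ppp0` (the usual device name for an L2TP/PPP tunnel), the remote subnet `10.20.30.0/24` and the LAN interface `eth0` are all placeholder assumptions; substitute the values your IT department gives you.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: NetworkManager connection
# "corp-vpn", L2TP tunnel device "ppp0", remote desktop subnet 10.20.30.0/24,
# LAN uplink "eth0". All of these are placeholders.

# Print the nmcli commands that (1) stop the VPN from replacing the default
# route, which is what the GUI checkbox "Use this connection only for
# resources on its network" sets, and (2) add a static route for the remote
# desktop's subnet through the tunnel. Printing instead of executing lets you
# review the commands before running them on a live connection.
split_tunnel_commands() {
    conn="$1"; subnet="$2"
    printf 'nmcli connection modify "%s" ipv4.never-default yes\n' "$conn"
    printf 'nmcli connection modify "%s" ipv4.routes "%s"\n' "$conn" "$subnet"
    printf 'nmcli connection down "%s"; nmcli connection up "%s"\n' "$conn" "$conn"
}

# Check the text of `ip route show` after the VPN is up. Returns 0 only when
# the default route does NOT go through the tunnel device and a route for the
# remote subnet DOES. A failing check means the client pushed its own default
# route (the case the thread warns about) or the static route is missing.
check_routes() {
    routes="$1"; vpn_dev="$2"; subnet="$3"
    if printf '%s\n' "$routes" | grep -q "^default .*dev $vpn_dev"; then
        return 1   # VPN hijacked the default route: all local traffic would go through it
    fi
    if ! printf '%s\n' "$routes" | grep -q "^$subnet .*dev $vpn_dev"; then
        return 1   # no route for the remote desktop subnet via the tunnel
    fi
    return 0
}

# Constructed sample of a correct routing table (not captured from a real host).
SAMPLE_ROUTES="default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.20.30.0/24 dev ppp0 proto static scope link metric 50
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.23"

echo "# commands to apply:"
split_tunnel_commands corp-vpn 10.20.30.0/24
if check_routes "$SAMPLE_ROUTES" ppp0 10.20.30.0/24; then
    echo "split tunnel OK: default route stays on the LAN, remote subnet via ppp0"
else
    echo "split tunnel NOT OK: inspect 'ip route show'"
fi
```

On a real machine, run `check_routes "$(ip route show)" ppp0 10.20.30.0/24` right after `nmcli connection up corp-vpn`; if it fails because the tunnel installed its own `default` route, that is the situation the reply above describes, where the client sets its routes itself and the NetworkManager checkbox alone is not enough.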