Exclude an IP range and/or an app from a VPN connection

Linux Kernel, Network, and Services configuration.
h0m
Posts: 3
Joined: 2017-01-19 00:43

Exclude an IP range and/or an app from a VPN connection

#1 Post by h0m »

Hello there,

Some time ago, I added a VPN (an OpenVPN to be exact) client to reach the Internet through it by default (for all applications and users) on all my computers. Everything runs fine. However, my VPS's IP range (where my VPN server is) seems to be banned by a few websites (mainly one actually). That's why I would like to exclude some specific users and/or specific destinations from the VPN in order to access the Internet directly.

I think there are mainly two approaches:

The first one consists of excluding a specific user from being routed through the VPN. That way I could run a proxy under this user and configure my browser (or whatever application, as long as it's "proxyable") to use it for specific websites. Adding/removing websites or applications will be easy. Moreover, I could even share the proxy with my other local computers.

The other approach is to exclude only a specific IP range (the IP range of the servers that host the website) from being routed through the VPN. It's probably the lighter and quicker solution, but adding or removing new websites won't be as easy as in the first approach. Moreover, if the website's IP range changes, it'll be broken and I'll have to update it. Also, I'll have to configure (and regularly update) all my computers.

Maybe someone here would like to share his/her experience or knows a better solution or simply has some interesting arguments.

But the main point, and why I'm asking for your help, is that I don't know anything about routing, iptables, etc. I tried to find the proper commands to reach my goal but I didn't succeed... I can deal with users and installing a proxy daemon (I was thinking about Tinyproxy, btw), but the iptables, route, ip, etc. commands are unfathomable to me even with the man pages. So don't hesitate to consider me an eight-year-old newbie.

Thank you!

h0m
Posts: 3
Joined: 2017-01-19 00:43

Re: Exclude an IP range and/or an app from a VPN connection

#2 Post by h0m »

Nobody knows?

Justin417
Posts: 29
Joined: 2014-06-01 02:26
Location: Pittsburgh, PA

Re: Exclude an IP range and/or an app from a VPN connection

#3 Post by Justin417 »

Do you have access to the .conf or .ovpn file that your clients use?

This is a method that I use for excluding sites from being routed through the VPN. Open your OpenVPN configuration file. Add this section in the file:

route www.example.com 255.255.255.255 net_gateway

To customize this, change www.example.com to the website you want to exclude from being routed through the VPN.

This would have to be done from the client side; this configuration option does not work on the server side.

Hope I could be of some assistance :D

h0m
Posts: 3
Joined: 2017-01-19 00:43

Re: Exclude an IP range and/or an app from a VPN connection

#4 Post by h0m »

Thank you very much, it's not exactly what I was thinking but that helps me a lot! It's a convenient and easy way. For some reason, NetworkManager doesn't accept a domain name in its routing table, but I should look for a similar rule to send from the OpenVPN server. In the meantime, I add the rule through an ip command.

Thanks again. Have a great day!

Justin417
Posts: 29
Joined: 2014-06-01 02:26
Location: Pittsburgh, PA

Re: Exclude an IP range and/or an app from a VPN connection

#5 Post by Justin417 »

No problem! I do wish I could have helped more specifically, but OpenVPN isn't always the easiest software out there to configure.

Just remember when adding it by IP instead of by domain, if the site uses a content delivery network it could have many different changing IPs, so take that into consideration if you are having issues.
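
The following is an added example, not code from any poster in this thread. It covers the IP-based workaround from posts #4 and #5: it turns `getent ahostsv4` output for a hostname into one `/32` route per resolved address via the pre-VPN gateway, so a site with several A records is handled. The gateway 192.168.1.1, the device eth0 and the sample addresses are assumptions, and the commands are only printed.

```shell
#!/bin/sh
# Added example: print (never run) the host routes that send one site's
# traffic outside the VPN, one /32 per resolved address.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _oldifs=$IFS; IFS=.
    set -- $1            # split on dots into this function's $1..$4
    IFS=$_oldifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ ${#_o} -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

# build_bypass_routes GATEWAY DEV
# stdin: `getent ahostsv4 HOST` lines (address in column 1, repeated once per
# socket type). GATEWAY/DEV are the LAN gateway and interface used before the
# VPN came up (assumed known to the caller).
build_bypass_routes() {
    _gw=$1; _dev=$2; _seen=' '
    is_ipv4 "$_gw" || { echo "bad gateway: $_gw" >&2; return 2; }
    while read -r _addr _rest; do
        is_ipv4 "$_addr" || continue                   # blanks, IPv6, junk
        case $_seen in *" $_addr "*) continue ;; esac  # already emitted
        _seen="$_seen$_addr "
        # "replace" is idempotent, so the output can be re-applied from cron
        echo "ip route replace $_addr/32 via $_gw dev $_dev"
    done
}

# Constructed sample: a site with two A records, as a CDN might return.
# Addresses are RFC 5737 documentation ranges, not real servers.
sample_getent_output() {
    cat <<'EOF'
203.0.113.10    STREAM www.example.com
203.0.113.10    DGRAM
203.0.113.10    RAW
198.51.100.7    STREAM
198.51.100.7    DGRAM
198.51.100.7    RAW
EOF
}

# Dry run with an assumed gateway 192.168.1.1 on eth0.
sample_getent_output | build_bypass_routes 192.168.1.1 eth0
```

The routes only cover the addresses returned at lookup time, so the lookup has to be repeated when the site's addresses change. Any traffic to those addresses, from any user or application, leaves outside the VPN.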
