OpenVPN Split Tunneling
Last updated by Shayne M on July 22, 2014 19:01
Problem: The OpenVPN Service (VPNSecure.me) controls the default gateway and pushes all traffic out the VPN. You wish to only send specific traffic through the VPN and everything else via your normal internet connection.
Solution: Split Tunneling.
Routing Single IPs
1. Open Wordpad as (Administrator) You can do this by right clicking on the wordpad program from the Start Menu and selecting (Run as Administrator)
Select File then Open
C:\Program Files (x86)\VPNSecureMe\openvpn\config\default.ovpn
Add the following at the bottom of the configuration file
Leave the file open as you will require to add an additional directive later in the tutorial.
The route-nopull command will specify that no traffic is to flow through the VPN when connected.
2. Open a Command Prompt
3. Pick which website that you wish to tunnel through the OpenVPN Tunnel in this tutorial we will use Openvpn.net
Run the following command: nslookup openvpn.com to get the IP address of the website in question (Please note some websites may use multiple IP address you may need to add additional ranges rather then single IP address to get the desired affect)
In this case, openvpn.com resolves to 220.127.116.11
4. Route the openvpn.com IP address through the VPN.
Open Wordpad with the default.ovpn that was done in step 1
Add the following directive to the bottom of the file under route no-pull
route 18.104.22.168 255.255.255.255 vpn_gateway
route (Is the command) [22.214.171.124] (Is the IP of openvpn.com) [255.255.255.255] (Is the subnet of a single ip address) [vpn_gateway] (OpenVPN directive to add a static route)
5. Save the default.ovpn file.
restart the VPNSecure client, all your traffic except for openvpn.com will now route through your normal internet connection.
In wordpad, select File then Save
Routing Blocks /20's of IP's
Please follow the steps 1 - 3 above before proceeding
If the website that your trying to use has multiple IP's within the same IP range you can add block ranges of IP address's, example from 126.96.36.199 - 188.8.131.52 This range is called a /20 and contains 4000 IP address's which could be possibly owned by the company such as "Youtube" although they may use multiple ranges you will need to do your research.
1. You can then use a whois website (example sites: whois.net, www.whois.com) to find the CIDR notation value of the openvpn.com website.
2. Enter in the IP address you got from the NSLOOKUP command in this case 184.108.40.206 and press the Whois Lookup button
3. Find the / prefix associated with the IP range. (/20 is associated with the IP range, which is 4000 IP address's)
4. You will find in the CIDR that there is an IP address followed by “/some number” (in this case /20)
Refer http://oav.net/mirrors/cidr.html to find the Netmask value of /20 notation
5. The netmask for a /20 is 255.255.240.0
To route the entire /20 IP address block out the VPN connection, please add the following line to the bottom of the default.ovpn file under the route no-pull directive
route 220.127.116.11 255.255.240.0 vpn_gateway
6. Save the default.ovpn file.
restart the VPNSecure client, all your traffic except for openvpn.com and associated block of 4000 (/20) IP's will now route through your normal internet connection.
In wordpad, select File then Save
VPNSecure Provides Secure VPN servers in over 45+ Countries
If you are a looking for a versatile easy to use VPN service, checkout Today