/sc_assets/441/logo.png

OpenVPN Split Tunneling

Last updated by Shayne M on July 23, 2021 12:10

Problem: The OpenVPN Service (VPNSecure.me) controls the default gateway and pushes all traffic out the VPN. You wish to only send specific traffic through the VPN and everything else via your normal internet connection.

Solution: Split Tunneling.

Routing Single IPs

1. Open Wordpad as (Administrator) You can do this by right clicking on the wordpad program from the Start Menu and selecting (Run as Administrator)

Select File then Open

C:\Program Files (x86)\VPNSecureMe\openvpn\config\default.ovpn

Add the following at the bottom of the configuration file

route no-pull

Leave the file open as you will require to add an additional directive later in the tutorial.

The route-nopull command will specify that no traffic is to flow through the VPN when connected.

2. Open a Command Prompt 

Start RUN


3. Pick which website that you wish to tunnel through the OpenVPN Tunnel in this tutorial we will use Openvpn.net

Run the following command: nslookup openvpn.com to get the IP address of the website in question (Please note some websites may use multiple IP address you may need to add additional ranges rather then single IP address to get the desired affect)

In this case, openvpn.com resolves to 174.137.125.44 

4. Route the openvpn.com IP address through the VPN.

Open Wordpad with the default.ovpn that was done in step 1

Add the following directive to the bottom of the file under route no-pull

route 174.137.125.44 255.255.255.255 vpn_gateway

route (Is the command) [174.137.112.0] (Is the IP of openvpn.com) [255.255.255.255] (Is the subnet of a single ip address) [vpn_gateway] (OpenVPN directive to add a static route)

5. Save the default.ovpn file.

In wordpad, select File then Save

restart the VPNSecure client, all your traffic except for openvpn.com will now route through your normal internet connection.


Routing Blocks /20's of IP's

Please follow the steps 1 - 3 above before proceeding

If the website that your trying to use has multiple IP's within the same IP range you can add block ranges of IP address's, example from  174.137.112.0 -  174.137.125.254 This range is called a /20 and contains 4000 IP address's which could be possibly owned by the company such as "Youtube" although they may use multiple ranges you will need to do your research.

1. You can then use a whois website (example sites: whois.net, www.whois.com) to find the CIDR notation value of the openvpn.com website.

2. Enter in the IP address you got from the NSLOOKUP command in this case 174.137.125.44 and press the Whois Lookup button

3. Find the / prefix associated with the IP range. (/20 is associated with the IP range, which is 4000 IP address's)


4.  You will find in the CIDR that there is an IP address followed by “/some number” (in this case /20)
Refer http://oav.net/mirrors/cidr.html to find the Netmask value of /20 notation


5. The netmask for a /20 is 255.255.240.0

To route the entire /20 IP address block out the VPN connection, please add the following line to the bottom of the default.ovpn file under the route no-pull directive

route 174.137.112.0 255.255.240.0 vpn_gateway

6. Save the default.ovpn file.

In wordpad, select File then Save

restart the VPNSecure client, all your traffic except for openvpn.com and associated block of 4000 (/20) IP's will now route through your normal internet connection.

VPNSecure Provides Secure VPN servers in over 45+ Countries

If you are a looking for a versatile easy to use VPN service, checkout Today