Cannot Get Split-tunneling to Work Properly

This forum is for general conversation and user-user networking.

Moderators: TinCanTech

dernamenlose
OpenVpn Newbie
Posts: 2
Joined: Mon Feb 20, 2017 12:33 am

Cannot Get Split-tunneling to Work Properly

Post by dernamenlose » Mon Feb 20, 2017 5:37 am

What I am ultimately trying to do is set up split-tunneling so that all of my traffic goes through my public IP by default, but applications bound to the VPN interface will use that instead. More precisely, I am trying to use the OpenVPN Client to access Private Internet Access (PIA) servers. The reason for this is that the PIA client forces all traffic through the VPN and I have not been able to get split-tunneling to work at all with their client. With the OpenVPN client I can get connected using the provided configuration files from PIA and it works fine; however, all traffic is routed through the VPN (with the exceptions being the routes I have entered in via cmd, unlike with the PIA client). In an attempt to keep my traffic from being hijacked by the VPN, I added in "route-nopull" to the configuration file and reconnected. Once reconnected, I then no longer have all of my traffic being routed through the VPN, but I also do not have any internet connection on the VPN interface. I am not familiar with OpenVPN and the available parameters, so despite what research I have done, I still cannot figure out what is going wrong.
  1. With the PIA client, "ipconfig /all" shows a default gateway, DNS, and DHCP addresses.
  2. When running "ipconfig /all" before turning on the OpenVPN client, the adapter shows it is disconnected.
  3. With the OpenVPN client turned on without the "route-nopull", I have DNS and DHCP addresses for the VPN interface, but no default gateway.
  4. With "route-nopull" in use, "ipconfig /all" only shows the DHCP server address, no DNS or default gateway addresses.

This is the current configuration that I am using from PIA:
Test Config
client
dev tun
proto udp
remote ca-toronto.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha256
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ
Can someone tell me what I am doing wrong? I'm banging my head against the wall over here.
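
Why observations 3 and 4 above differ, as an added example that is not part of the original post: `route-nopull` makes the client discard pushed routes and pushed DHCP options such as DNS, so without a local `route` line only the VPN's own subnet is reachable through the adapter. The config text, the host `vpn.example.net`, the 203.0.113.0/24 destination and the function names are constructed for illustration.

```python
# Added example (not from the thread): predict how an OpenVPN client config
# will route traffic, based on its route-related directives.

BASE = """\
client
dev tun
proto udp
remote vpn.example.net 1198   # constructed placeholder host
auth-user-pass
"""

def parse_directives(text):
    """Return [(directive, [args])], skipping blank lines and # / ; comments."""
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split()
        out.append((parts[0].lstrip("-"), parts[1:]))
    return out

def routing_summary(text):
    """Classify the config as full-tunnel, server-decides, split-tunnel or subnet-only."""
    d = parse_directives(text)
    names = {name for name, _ in d}
    pulls = bool(names & {"client", "pull"})   # "client" implies "pull"
    nopull = "route-nopull" in names
    local_routes = [args for name, args in d if name == "route"]
    if "redirect-gateway" in names:
        mode = "full-tunnel"          # default route forced by the local config
    elif pulls and not nopull:
        mode = "server-decides"       # pushed routes / redirect-gateway are applied
    elif local_routes:
        mode = "split-tunnel"         # only the listed networks use the VPN
    else:
        mode = "tunnel-subnet-only"   # nothing beyond the VPN's own subnet
    return {
        "mode": mode,
        "vpn_routes": [" ".join(a) for a in local_routes],
        "pushed_dns_applied": pulls and not nopull,
    }

if __name__ == "__main__":
    split = BASE + "route-nopull\nroute 203.0.113.0 255.255.255.0 vpn_gateway\n"
    for label, cfg in [("as shipped", BASE), ("nopull only", BASE + "route-nopull\n"), ("nopull + route", split)]:
        print(label, routing_summary(cfg))
```

The "nopull only" case reproduces observation 4: no pushed DNS and no route beyond the tunnel subnet, which is why the VPN interface appears to have no internet connection.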

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Cannot Get Split-tunneling to Work Properly

Post by TinCanTech » Mon Feb 20, 2017 1:08 pm

dernamenlose wrote: I can get connected using the provided configuration files from PIA and it works fine, however, all traffic is routed through the VPN (with the exceptions being the routes I have entered in via cmd
That is basically the only way to do it.

There may be other clever ways with Linux but not with Windows (not yet at least).
dernamenlose wrote: so that all of my traffic goes through my public IP by default, but applications bound to the VPN interface will use that instead
I don't know how you would go about binding apps to the tun interface but routing would override that anyway.

There are some things which are simply not possible (not yet at least).

Of course, if somebody else has a better answer please go ahead :mrgreen:

dernamenlose
OpenVpn Newbie
Posts: 2
Joined: Mon Feb 20, 2017 12:33 am

Re: Cannot Get Split-tunneling to Work Properly

Post by dernamenlose » Tue Feb 21, 2017 5:20 am

TinCanTech wrote: That is basically the only way to do it.

There may be other clever ways with Linux but not with Windows (not yet at least).
Through my research I have found other people who have gotten it to work in the same manner that I would like my connection to work. There is very little information about how to do it on the Windows side of things, but plenty on the Linux side. Perhaps you are correct in saying that it isn't doable on Windows, but I won't stop trying until enough people say it isn't possible.

On a somewhat related note, I have noticed that my speeds using the OpenVPN client are SUBSTANTIALLY slower than using the PIA client. With PIA, I can usually get 40-80Mbps (saturates my upload), but with the OpenVPN client, I am only getting 2-4Mbps down, but my upload speeds are much better in the 20-30Mbps range. Any thoughts there?

My largest issue with using the VPN for everything is that my unattended remote access then goes through the VPN and cripples my speed making remote control of my machine agonizingly slow. I haven't even tried this yet with the OpenVPN client due to the above speed issues.
