Bypassing VPN for sites with changing IPs.

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech

nazo
OpenVpn Newbie
Posts: 1
Joined: Mon May 08, 2017 10:20 pm

Post by nazo » Mon May 08, 2017 10:56 pm

So I decided to go to a VPN mostly for privacy reasons (the recent FCC ruling was just the straw that broke the camel's back.) This means I really want the VPN to be used by default rather than only on for specific sites -- which is too bad since that would be a really easy solution if so. I'm running into some problems trying to bypass it for just certain things. For example, while the added security of an extra encryption layer is nice, I do have a bit of paranoia about what if someone got into my server and if I'm accessing, say, my bank while someone was on there I don't really know what they could do. Plus there are some sites that just plain block some regions and that sort of thing anyway. The problem is, most of these places use multiple IPs and I guess load balancing or something. Take, just for instance, Amazon.com. One moment it may be one thing, another it could be something completely different. Some sites I've seen show up as going from one country to another as I accessed them at different times even. I presume this is part of a cloud computing system to help prevent DDoS attacks or something, but whatever the case may be, I have to assume that this is the culprit (otherwise I have no idea.)

Anyway, first of course I googled around. The chief thing I found that suits me best is a couple of lines that can be added to the client configuration file. Namely:

allow-pull-fqdn
To enable this mechanism, followed by:

route amazon.com 255.255.255.255 net_gateway
route www.amazon.com 255.255.255.255 net_gateway
to do the actual redirection to the local gateway instead of the remote one.

Now, this has worked with a few sites. For example, I tested initially using whatismyip.com as a fairly obvious quick test since I could immediately tell whether it was showing the VPN's IP address or my own connection's. It works on whatismyip.com just fine. But when I go to places like, for example, Amazon, I'm still seeing stuff for a different country come up and one site that seems to be blocking my VPN's connection entirely (but works fine if I disconnect from the VPN) still blocks me. Upon more googling I'm seeing someone trying to fix access to stuff like Netflix which is well known for using multiple IPs and this didn't seem to fix the issue for them either. Obviously it is unreasonable to try to suss out every single IP they have ever used and manually add them -- especially since this could be subject to change in the future with more added and old ones removed. Am I simply missing something? Is there maybe a better way?
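
An added illustration, not part of the post above and not OpenVPN project code: each `255.255.255.255` route covers exactly one address, so this sketch expands the hostnames into one `route <ip> 255.255.255.255 net_gateway` line per IPv4 address returned by a lookup, then lists the addresses a later lookup returns that no installed route covers. The function names and the sample addresses (documentation ranges) are constructed for the example.

```python
import ipaddress
import socket

def resolve_ipv4(host):
    """Return the set of IPv4 addresses the system resolver gives for host now."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()  # unresolvable name: contribute no routes
    return {info[4][0] for info in infos}

def route_lines(hosts, resolver=resolve_ipv4):
    """Build one host route per resolved address, de-duplicated and sorted."""
    addrs = set()
    for host in hosts:
        addrs |= resolver(host)
    ordered = sorted(addrs, key=ipaddress.IPv4Address)
    return [f"route {a} 255.255.255.255 net_gateway" for a in ordered]

def uncovered(installed_lines, hosts, resolver=resolve_ipv4):
    """Addresses the names resolve to now that have no bypass route installed."""
    installed = {line.split()[1] for line in installed_lines}
    current = set()
    for host in hosts:
        current |= resolver(host)
    return sorted(current - installed, key=ipaddress.IPv4Address)

# Constructed sample data: two lookups of the same names at different times.
AT_CONNECT = {"amazon.com": {"192.0.2.10", "192.0.2.11"},
              "www.amazon.com": {"198.51.100.7"}}
LATER = {"amazon.com": {"192.0.2.11", "203.0.113.5"},
         "www.amazon.com": {"198.51.100.7", "203.0.113.9"}}

def demo():
    hosts = ["amazon.com", "www.amazon.com"]
    lines = route_lines(hosts, lambda h: AT_CONNECT.get(h, set()))
    missing = uncovered(lines, hosts, lambda h: LATER.get(h, set()))
    return lines, missing

if __name__ == "__main__":
    lines, missing = demo()
    print("\n".join(lines))
    print("not covered after DNS rotation:", missing)
```

Called without a `resolver` argument, `route_lines` and `uncovered` use the system resolver instead of the constructed tables.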
