Basic routing question: Bypass VPN for specific URL

elpedr0
OpenVpn Newbie
Posts: 2
Joined: Sat Nov 05, 2022 7:10 pm

Post by elpedr0 » Sat Nov 05, 2022 7:20 pm

What is the correct modification to my openvpn client config to avoid the VPN for a specific address?

My current config (TUN interface type) includes the options:
keepalive 10 120
remote-cert-tls server
redirect-gateway

This routes all my traffic via the VPN. However, this appears to prevent me using Gmail's smtp. Therefore, I would like smtp.gmail.com to be routed via my normal gateway, but leaving all other traffic routed via the VPN.

I have tried adding the following line to the config:
route smtp.gmail.com 255.255.255.255 net_gateway
but my smtp emails are still blocked. I can send emails via smtp when I stop the VPN and so all traffic is just going through the normal WAN gateway.

ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: Basic routing question: Bypass VPN for specific URL

Post by ordex » Sat Nov 05, 2022 8:35 pm

I don't think you can pass a hostname to --route. You may want to swap it with its IP address.

elpedr0
OpenVpn Newbie
Posts: 2
Joined: Sat Nov 05, 2022 7:10 pm

Re: Basic routing question: Bypass VPN for specific URL

Post by elpedr0 » Sun Nov 06, 2022 8:54 am

Thanks ordex, though from the OpenVPN reference manual: --route network/IP [netmask] [gateway] [metric]
I interpret this as accepting a network address or an IP. I've now come across posts on other forums suggesting that when a network address is used, only the first IP address returned is applied to the route option (though I haven't found confirmation of this in the reference manual).

I've also read that it is advised to use the smtp.gmail.com URL because the IP addresses of Gmail smtp servers can change, though again, I haven't found official confirmation of this yet.

Still searching for a solution.

Edit: typo

ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: Basic routing question: Bypass VPN for specific URL

Post by ordex » Mon Nov 07, 2022 8:24 am

Yeah, you're right. The hostname lookup is performed only once during setup, therefore if the address changes later on, the route is not updated.
I don't know if you have some local DNS/cache, but maybe you could instruct it to resolve that hostname to the same IP all the time?
Or, you look up all the IPs that smtp.gmail.com may have and create a route for each of them (though new addresses may be added over time).
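
The route-per-address approach from the last reply, as an added example that is not code from the thread or from OpenVPN: it rewrites a marked block in the client config with one `route ... net_gateway` line per IPv4 address and reports whether the set changed, since routes are installed only at connection setup. The marker comments, the function names and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress
import socket

BEGIN = "# BEGIN vpn-bypass routes (managed block, hypothetical marker)"
END = "# END vpn-bypass routes"

def resolve_ipv4(host):
    """Return every IPv4 address the resolver currently gives for host."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def route_lines(addresses):
    """One host route via the pre-VPN gateway per unique IPv4 address, sorted."""
    unique = set()
    for a in addresses:
        ip = ipaddress.ip_address(a)   # raises ValueError on anything but an IP
        if ip.version == 4:            # --route takes IPv4 only; skip IPv6
            unique.add(ip)
    return [f"route {ip} 255.255.255.255 net_gateway" for ip in sorted(unique)]

def update_config(text, addresses):
    """Replace (or append) the managed block; return (new_text, changed)."""
    kept, inside = [], False
    for line in text.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)          # everything outside the block is preserved
    new = "\n".join(kept + [BEGIN] + route_lines(addresses) + [END]) + "\n"
    return new, new != text

if __name__ == "__main__":
    # Constructed sample: the options from the first post plus made-up addresses.
    sample_conf = "keepalive 10 120\nremote-cert-tls server\nredirect-gateway\n"
    sample_addrs = ["198.51.100.7", "192.0.2.10", "192.0.2.10", "2001:db8::1"]
    new_conf, changed = update_config(sample_conf, sample_addrs)
    print(new_conf, end="")
    print("# reconnect needed:", changed)
```

For live use, feed `update_config` the output of `resolve_ipv4("smtp.gmail.com")` on a schedule and reconnect the client only when `changed` is true.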
