What is the correct modification to my openvpn client config to avoid the VPN for a specific address?
My current config (TUN interface type) includes the options:
keepalive 10 120
remote-cert-tls server
redirect-gateway
This routes all my traffic via the VPN. However, this appears to prevent me using gmail's smtp. Therefore, I would like smtp.gmail.com to be routed via my normal gateway, but leaving all other traffic routed via the VPN.
I have tried adding the following line to the config:
route smtp.gmail.com 255.255.255.255 net_gateway
but my smtp emails are still blocked. I can send emails via smtp when I stop the VPN and so all traffic is just going through the normal WAN gateway.
Basic routing question: Bypass VPN for specific URL
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Sat Nov 05, 2022 7:10 pm
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: Basic routing question: Bypass VPN for specific URL
I don't think you can pass a hostname to --route. You may want to swap it with its IP address.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Sat Nov 05, 2022 7:10 pm
Re: Basic routing question: Bypass VPN for specific URL
Thanks ordex, though from the OpenVPN reference manual: --route network/IP [netmask] [gateway] [metric]
I interpret this as accepting a network address or an ip. I've now come across posts on other forums suggesting that when a network address is used, only the first IP address returned is applied to the route option (though I haven't found confirmation of this in the reference manual).
I've also read that it is advised to use the smtp.gmail.com url because the IP addresses of gmail smtp servers can change, though again, I haven't found official confirmation of this yet.
Still searching for a solution.
Edit:typo
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: Basic routing question: Bypass VPN for specific URL
Yeah, you're right. The hostname lookup is performed only once during setup, therefore if the address changes later on, the route is not updated.
I don't know if you have some local DNS/cache, but maybe you could instruct it to resolve that hostname to the same IP all the time?
Or, you look up all the IPs that smtp.gmail.com may have and create a route for each of them (though new addresses may be added over time).
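The per-address approach from the last reply, as an added example that is not part of the original thread or of OpenVPN itself: it resolves the hostname, compares the result with the host routes already in a client config, and reports which `route ... net_gateway` lines to add and which listed addresses DNS no longer returns. The function names are hypothetical, the sample addresses are constructed documentation-range placeholders, and only IPv4 is handled.

```python
import ipaddress
import socket

HOST = "smtp.gmail.com"  # hostname from the thread


def resolve_ipv4(host, resolver=socket.getaddrinfo):
    """Return every IPv4 address the resolver currently gives for host."""
    infos = resolver(host, None, socket.AF_INET, socket.SOCK_STREAM)
    return {ipaddress.IPv4Address(info[4][0]) for info in infos}


def bypass_routes(config_text):
    """Collect IPv4 host routes already pinned to net_gateway in a config."""
    found = set()
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comment
        if (len(parts) == 4 and parts[0] == "route"
                and parts[2] == "255.255.255.255"
                and parts[3] == "net_gateway"):
            try:
                found.add(ipaddress.IPv4Address(parts[1]))
            except ipaddress.AddressValueError:
                pass  # a hostname entry: looked up only once at setup
    return found


def plan(config_text, resolved):
    """Return (route lines to add, configured addresses no longer resolved)."""
    have = bypass_routes(config_text)
    add = [f"route {ip} 255.255.255.255 net_gateway"
           for ip in sorted(resolved - have)]
    stale = [str(ip) for ip in sorted(have - resolved)]
    return add, stale


if __name__ == "__main__":
    # Constructed sample config; 192.0.2.10 is a placeholder address.
    sample = "redirect-gateway\nroute 192.0.2.10 255.255.255.255 net_gateway\n"
    add, stale = plan(sample, resolve_ipv4(HOST))
    print("\n".join(add))
    print("# no longer returned by DNS:", ", ".join(stale) or "none")
```

Re-running it periodically and restarting the client after a change covers the case raised above where new addresses appear over time.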