Post
by libove » Tue Oct 26, 2010 5:20 am
As krzee said, OpenVPN - and most VPNs - do not work that way. Traffic is routed by the host (on which the OpenVPN client is running) based on routing tables.
If the OpenVPN configuration (which could be selected by the Client, or pushed by the Server) sets the OpenVPN connection as the Default route, then traffic will go through the OpenVPN connection. (The exception to this is the advanced "SSL VPNs" - misnomers, but that's how they were marketed six or so years ago, such as that offered by the F5 Firepass device - which set up shims in the network stack and typically don't work for all apps).
If the initial problem is that the OpenVPN Server is pushing the Default route to be through the VPN tunnel (and if you have admin rights on the Client), you could probably set up an after-connect script to UN-do the Default route setting. That's part-way to what you're looking for, maybe.
The big question you have to ask yourself is "Is it really the *application* which selects the way the traffic should route, or is it the *destination*?" It's most likely to be the destination. For example, your email program isn't what defines that that application's calls to the TCP/IP stack should go through the VPN tunnel - it's the fact that your email server is / is not only reachable through the VPN tunnel.
If it is the destination, and if you can set up specific routes to those few destinations which require going through the OpenVPN (or, conversely, those few destinations which require NOT going through the OpenVPN), then you can do this.
To reach mysmallcompany's.oneIPaddresswebserver.com only through the VPN is easy.
To reach mymassivecompany's.widelydistributedanddynamicsIPs.com only through the VPN may be very difficult. One way to do so is to add an after-connect script which resolves the set of destination addresses and creates custom routes for them at that time, and re-runs from time to time to re-adjust those routes as the dynamic addresses change over time.
A key problem you may encounter if you have a very large number of custom routes required is that many clients have a limit to the effective size of their routing table. (I think on Windows XP it was around 40 routes? My memory here is VERY rusty. Not sure what Vista and Windows 7 can do; UNIX clients likely can be configured to take a much larger number of static routes).
Good luck, I hope this is helpful.
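The after-connect script sketched in the post, as an added example (not code from the post or from the OpenVPN project): it resolves the VPN-only destinations, diffs them against the host routes installed on the previous run, and emits only the `ip route` changes needed, refusing to exceed a caller-supplied routing-table limit. It assumes a Linux client with `ip route`, a tunnel device name such as `tun0`, and a constructed placeholder hostname list; the previous run's installed set would be persisted by the caller.

```python
"""Keep host routes for a dynamic set of VPN-only destinations up to date.

Run from cron or an OpenVPN route-up script. Assumptions (not from the post):
Linux `ip route`, tunnel device name and route-count limit passed in by the caller.
"""
import ipaddress
import socket
from typing import Callable, Iterable


def dns_resolver(name: str) -> list[str]:
    """Default resolver: current IPv4 addresses of `name` via system DNS."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)})


def resolve_all(names: Iterable[str], resolver: Callable[[str], list[str]]) -> set[str]:
    """Resolve every name to its current address set; names that fail are skipped."""
    addrs: set[str] = set()
    for name in names:
        try:
            addrs.update(resolver(name))
        except OSError:
            pass  # DNS failure for one name: leave its old routes to be removed or kept later
    return addrs


def plan_route_changes(installed: set[str], wanted: set[str],
                       dev: str, limit: int) -> list[list[str]]:
    """Return the `ip route` commands that turn `installed` into `wanted`.

    Deletions are emitted before additions so a client with a small routing
    table never exceeds `limit` part-way through; a desired set larger than the
    limit is rejected outright rather than installed partially.
    """
    if len(wanted) > limit:
        raise ValueError(f"{len(wanted)} host routes needed, client limit is {limit}")
    cmds: list[list[str]] = []
    for ip in sorted(installed - wanted, key=ipaddress.ip_address):
        cmds.append(["ip", "route", "del", f"{ip}/32", "dev", dev])  # stale address
    for ip in sorted(wanted - installed, key=ipaddress.ip_address):
        cmds.append(["ip", "route", "add", f"{ip}/32", "dev", dev])  # new address
    return cmds


if __name__ == "__main__":
    import subprocess
    vpn_only_names = ["mail.example.com"]  # constructed placeholder list
    wanted = resolve_all(vpn_only_names, dns_resolver)
    for cmd in plan_route_changes(set(), wanted, "tun0", 40):  # empty set: first run
        subprocess.run(cmd, check=True)
```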