OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Host exceptions in client config to bypass VPN

https://forums.openvpn.net/viewtopic.php?t=17155

Page 1 of 1

Host exceptions in client config to bypass VPN

Posted: Mon Sep 29, 2014 5:37 pm
by volher
Hi there,

I am using a VPN provider which blocks sending emails via the VPN connection. Therefor, I would like to directly contact my email server, thereby bypassing openvpn.

Is it possible to add a list of a few exempted servers in the config file? What is the command syntax, if there is any?

Thanks

Re: Host exceptions in client config to bypass VPN

Posted: Tue Oct 21, 2014 12:05 pm
by Traffic
To have a certain host address bypass your VPN add this to the client config:

Code: Select all

route host-ip-address-A 255.255.255.255 local-real-ip-address-B
Where:
  • host-ip-address-A: is the ip address of the host you want to contact directly
  • local-real-ip-address-B: is the real IP address of your computer (not the VPN address)

Re: Host exceptions in client config to bypass VPN

Posted: Tue Oct 21, 2014 7:31 pm
by volher
Ok, thank you very much, will try!

Re: Host exceptions in client config to bypass VPN

Posted: Wed Oct 22, 2014 5:59 am
by volher
Well, unfortunately

route mail.gmx.net 255.255.255.255 192.168.110.20

does not work.

Re: Host exceptions in client config to bypass VPN

Posted: Wed Oct 22, 2014 9:41 am
by Traffic
You cannot add routes by DNS name ..
Traffic wrote:Where:

host-ip-address-A: is the ip address of the host you want to contact directly

Re: Host exceptions in client config to bypass VPN

Posted: Wed Oct 22, 2014 11:02 am
by volher
Well, i looked up the man an it says:

--route network/IP [netmask] [gateway] [metric]
Add route to routing table after connection is established. Multiple routes can be specified. Routes will be automatically torn down in reverse order prior to TUN/TAP device close.
This option is intended as a convenience proxy for the route(8) shell command, while at the same time providing portable semantics across OpenVPN's platform space.

netmask default -- 255.255.255.255

gateway default -- taken from --route-gateway or the second parameter to --ifconfig when --dev tun is specified.

The default can be specified by leaving an option blank or setting it to "default".

The network and gateway parameters can also be specified as a DNS or /etc/hosts file resolvable name

but it didn't work, so maybe you are right. You said [gateway] was my local IP, is that the IP of my computer in the LAN or doesn't gateway rather refer to the router?

Re: Host exceptions in client config to bypass VPN

Posted: Wed Oct 22, 2014 11:07 am
by volher
I does work:

route mail.gmx.net 255.255.255.255 LAN-IP-of-the-router

Thanks!

Re: Host exceptions in client config to bypass VPN

Posted: Wed Oct 22, 2014 12:17 pm
by Traffic
volher wrote:route mail.gmx.net
This is considered to be a security risc .. but it's up to you how you manage your network.

Re: Host exceptions in client config to bypass VPN

Posted: Wed Oct 22, 2014 12:21 pm
by Traffic
volher wrote:You said [gateway] was my local IP, is that the IP of my computer in the LAN or doesn't gateway rather refer to the router?
Traffic wrote:local-real-ip-address-B: is the real IP address of your computer (not the VPN address)
Yes, you are right .. that should be the local-real-ip-address-of-gateway of your LAN (not the VPN address).
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/