OpenVPN Support Forum

What I am ultimately trying to do is setup split-tunneling so that all of my traffic goes through my public IP by default, but applications bound to the VPN interface will use that instead. More precisely, I am trying to use the OpenVPN Client to access Private Internet Access (PIA) servers. The reason for this is that the PIA client forces all traffic through the VPN and I have not been able to get split-tunneling to work at all with their client. With the OpenVPN client I can get connected using the provided configuration files from PIA and it works fine, however, all traffic is routed through the VPN (with the exceptions being the routes I have entered in via cmd, unlike with the PIA client). In attempt to keep my traffic from being hijacked by the VPN, I added in "route-nopull" to the configuration file and reconnected. Once reconnected, I then no longer have all of my traffic being routed through the VPN, but I also do not have any internet connection on the VPN interface. I am not familiar with OpenVPN and the available parameters so despite what research I have done, I still cannot figure out what is going wrong.

1. With the PIA client, "ipconfig /all" shows a default gateway, DNS, and DHCP addresses.
2. When running "ipconfig /all" before turning on the OpenVPN client, the adapter shows it is disconnected.
3. With the OpenVPN client turned on without the "route-nopull", I have DNS and DHCP addresses for the VPN interface, but no default gateway.
4. With "route-nopull" in use, "ipconfig /all" only shows the DHCP server address, no DNS or default gateway addresses.

This is the current configuration that I am using from PIA:
Can someone tell me what I am doing wrong? I'm banging my head against the wall over here.

dernamenlose wrote:I can get connected using the provided configuration files from PIA and it works fine, however, all traffic is routed through the VPN (with the exceptions being the routes I have entered in via cmd

That is basically the only way to do it.

There may be other clever ways with Linux but not with Windows (not yet at least).

dernamenlose wrote:so that all of my traffic goes through my public IP by default, but applications bound to the VPN interface will use that instead

I don't know how you would go about binding apps to the tun interface but routing would override that anyway.

There are some things which are simply not possible (not yet at least).

Of course, if somebody else has a better answer please go ahead

TinCanTech wrote:That is basically the only way to do it.

There may be other clever ways with Linux but not with Windows (not yet at least).

Through my research I have found other people who have gotten it to work in the same manner that I would like my connection to work. There is very little information about how to do it on the Windows side of things, but plenty on the Linux side. Perhaps you are correct in saying that it isn't doable on Windows, but I won't stop trying until enough people say it isn't possible.

On a somewhat related note, I have noticed that my speeds using the OpenVPN client are SUBSTANTIALLY slower than using the PIA client. With PIA, I can usually get 40-80Mbps (saturates my upload), but with the OpenVPN client, I am only getting 2-4Mbps down, but my upload speeds are much better in the 20-30Mbps range. Any thoughts there?

My largest issue with using the VPN for everything is that my unattended remote access then goes through the VPN and cripples my speed making remote control of my machine agonizingly slow. I haven't even tried this yet with the OpenVPN client due to the above speed issues.