OpenVPN Support Forum

I have an openvpn server set up, I connect using the openvpn connect app on android, however, I would only like to apply the openvpn server to specific apps using split tunneling, I have read previous posts indicating the old verson of openvpn connect had this feature but i cannot see this anymore. Am i still able to do this?

Thanks

Hello ljlj0404,

Split-tunnel is supported. This is usually controlled by the server that gives instructions to send only specific IP addresses through, or all the Internet. You can verify this in the client side log file, what it tells the client to do.

Aside from this, I believe the OpenVPN for Android app by Arne Schwabe has some capability to select which android app can use the VPN tunnel. That might satisfy your requirement. This feature is something we are also considering for OpenVPN Connect for Android.

Kind regards,
Johan

Hello openvpn_inc,

Could you please provide a link to some documentation or a tutorial that explains how this is set up on the server side?

I kind of have the inverse situation as I would like all traffic to go over the VPN except for a single app.

Thanks,
Dave

Hi @openvpn_inc, what is the status of the feature of an option available in the android client itself to manually choose to skip routing all traffic through the particular VPN connection?

This is option is required for the client to be able to decide, no matter if the server pushes the default route or not, because:

1. Even if the server pushes a default route, it is always declaring a possibility that it will route all internet traffic, but I should not be forced to use it - I should still have a choice.
2. Sometimes the server does not push routes - this happens for example in Mikrotik Openvpn server - it does not push routes. In this situation the route configuration is done on the client side - you put it in client configuration (e.g. in an .ovpn file or and Android app should allow to specify routes), like Arne Schwabe's application allows you tu put routes, and virtually any normal OpenVPN client that I've seen except "OpenVPN Connect".
3. For example on an Android device I just opened OpenVPN Connect and imported a .ovpn file with LAN routes ("route 192...... 255...." options) and without a default geatway route, and it was for connection to a Mikrotik OpenVPN server that does not push any routes. But after OpenVPN Connect app connected with that profile, it routed all the traffic trhough this connection, so internet on the android smartphone stopped working, and I could not see the option to dsiable it, nor an option to manually specify routes on the client side.
4. So anyway the user should be able to override this, exactly like the OpenVPN standard allows. It seems very silly to me that the official app doesn't respect the OpenVPN standard.

So my question is: are you planning to support it or not? If not then OK, I will look for other solutions then. Thank you!

Hello avalancer,

While OpenVPN Connect v3 is compatible with open source servers, primarily it is to be used with our business offerings, OpenVPN Access Server and CloudConnexa. The controls to determine if Internet should be routed through are present in those two products. It is best to control these settings from the server side. Doing routing control from the server side is the most sensible way, as you can then also change it on-the-fly without replacing client configs.

It seems the cases you mention are about solving a problem on the client side while the issue is really on the server side. What Mikrotik does for example we have no control over, but if they want to they can certainly use the same methods of controlling client routes from the server side, instead of injecting it into the client configs.

So no, at this time we have no plans to have a GUI option to overrule this. In the meantime, feel free to use the OpenVPN for Android client by Arne Schwabe. It seems to fit your particular use cases best.

One bit of good news though, once pull-filter support for OpenVPN3 makes it to the Android version of OpenVPN Connect v3, the server instructions could be overridden in the connection profile itself using a filter to block certain commands from being pulled from the server side, thereby allowing to override instructions that the server is giving the client. So that could then be a solution. However pull-filter support is in OpenVPN3 Core 3.8 and that has not yet made it to Android yet at the time of writing of this response.

Kind regards,
Johan