Can I set up Windows 7 VPN so that only sites blocked in China are routed through VPN?

3

1

I'm in China behind the Great Firewall, using a VPN service provided by a friend, so I didn't get blocked in the VPN crackdown in January 2015.

Since VPN can slow down traffic a lot I'd like to only route the blocked sites through VPN and access unblocked sites directly.

(A less well known effect of the GFW is that all non-China traffic is often slowed to a crawl, which affects the traffic to and from the VPN in my friend's country.)

I'm interested in any approach:

  • Some smart tool re-routes sites that fail to load through VPN to retry them.
  • Some service provides a blacklist/whitelist of blocked/unblocked sites on the GFW and some tool queries the service to set up the routing.
  • I have to manually set up a route somehow for each blocked site to go through VPN, and all other traffic goes direct.
  • I have to manually set up a route somehow for each non-blocked site to avoid the VPN, and all other traffic goes via VPN.

hippietrail

Posted 2015-06-10T03:17:00.440

Reputation: 3 699

Are you connecting using the built-in VPN connection in Windows? – Nean Der Thal – 2015-06-10T04:07:45.427

@MeNoTalk: Yes I am. But I'm open to other ways that could solve the problem. – hippietrail – 2015-06-10T04:12:55.340

@Ramhound: In China somehow the GFW throttles international data speeds but Chinese sites are still fast. A good solution would have Chinese sites stay fast by not going through the (international) VPN and the international sites work at any speed. – hippietrail – 2015-06-10T11:20:10.567

Answers

2

Though your situation is somewhat more complicated, this is similar to the question asked here:

How can I make the Windows VPN route selective traffic (by destination network)?

For me (as is mentioned in one of the comments) as well as un-checking the "Use default gateway on remote network" box, I also had to check the "Disable class based route addition" box and then add a persistent route that covered what I wanted sent over the VPN.

I used a PowerShell window to enter the commands below, but a DOS cmd window may work as well.

Before you can add the routes that you want, you need to find the IP address that your VPN is using. You do this when your VPN is connected using the command:

ipconfig

and you should see a section that looks like this:

PPP adapter office:

   Connection-specific DNS Suffix  . : 
   IPv4 Address. . . . . . . . . . . : 172.40.40.30
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 

So I need to use 172.40.40.30 in the commands below.

In my case I only needed a single route which looked like this:

route -p add 44.128.0.0/16 172.40.40.30

This command says that every IP address in the range from 44.128.0.0 to 44.128.255.255 will go through the VPN, which is 172.40.40.30.

In your case you are going to have to find the locations that you want to reach using the VPN and add a route for each of them. Those could be entire ranges like I have specified above, or single hosts which you would do with something like:

route -p add 8.8.8.8/32 172.40.40.30

Hopefully this helps you and good luck.

G Mack

Posted 2015-06-10T03:17:00.440

Reputation: 21

I'll be back in China again before two weeks is up so thanks for this timely answer that I'll try out when I get there. – hippietrail – 2016-10-20T16:52:40.757
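
The procedure in the answer above (find the VPN address with ipconfig, then add one route per range or host), as an added example that is not part of the original answer: a PowerShell function, under the hypothetical name Get-VpnRouteCommand, that turns a list of destinations into `route add` lines for review. It goes slightly beyond the answer by also resolving host names to their current IPv4 addresses; the host name in the sample call is a placeholder.

```powershell
# Added example, not from the answer. Emits "route add" commands in the CIDR
# form the answer uses, for a mixed list of ranges, single IPs and host names.
function Get-VpnRouteCommand {
    param(
        [Parameter(Mandatory = $true)][string]   $VpnAddress,   # IPv4 address shown by ipconfig for the PPP adapter
        [Parameter(Mandatory = $true)][string[]] $Destination,  # "a.b.c.d/len", "a.b.c.d" or a host name
        [switch] $Persistent                                    # emit "route -p add", as in the answer
    )
    $v4 = [System.Net.Sockets.AddressFamily]::InterNetwork
    $gw = $null
    $ok = [System.Net.IPAddress]::TryParse($VpnAddress, [ref]$gw)
    if (-not $ok -or $gw.AddressFamily -ne $v4) { throw "Not an IPv4 address: $VpnAddress" }

    $verb = 'route add'
    if ($Persistent) { $verb = 'route -p add' }
    $cidr = '^(\d{1,3}(\.\d{1,3}){3})/(\d{1,2})$'
    $seen = @{}
    foreach ($item in $Destination) {
        $targets = @()
        $ip = $null
        if ($item -match $cidr -and [int]$Matches[3] -le 32 -and
            [System.Net.IPAddress]::TryParse($Matches[1], [ref]$ip)) {
            $targets = @($item)                                  # already a CIDR range
        } elseif ([System.Net.IPAddress]::TryParse($item, [ref]$ip)) {
            if ($ip.AddressFamily -eq $v4) { $targets = @("$ip/32") }
        } else {
            try {
                # Host name: one /32 route per IPv4 address it currently resolves to.
                $targets = @([System.Net.Dns]::GetHostAddresses($item) |
                    Where-Object { $_.AddressFamily -eq $v4 } |
                    ForEach-Object { "$_/32" })
            } catch {
                Write-Warning "Could not resolve ${item}; no route generated"
            }
        }
        foreach ($t in $targets) {
            if (-not $seen.ContainsKey($t)) {                    # one route per destination
                $seen[$t] = $true
                "$verb $t $gw"
            }
        }
    }
}

# Constructed input: the two destinations from the answer plus a placeholder host name.
Get-VpnRouteCommand -VpnAddress '172.40.40.30' -Destination '44.128.0.0/16', '8.8.8.8', 'blocked-site.example'
```

The function only prints the commands; check them and run them from an elevated prompt while the VPN is connected. If the VPN assigns a different address on each connection, leave off `-Persistent` and regenerate the routes after connecting.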