Is it possible to route internet traffic when OpenVPN connection is active?

3

2

I use an OpenVPN client to connect to my office network to run a remote control client (VNC, LogMeIn) from home. I think that the server is the Untangle OpenVPN server. My understanding is that while connected, all my internet traffic is routed through the office's internet connection (am I right?). Can I split the traffic such that only specific browser windows or specific websites will be tunneled to the office, while the rest of the traffic will get directly to the 'net?

For example, I want to be able to remotely control my office machine while at the same time not to bother the office network with browsing Stack Exchange sites?

ysap

Posted 2011-10-20T04:27:10.257

Reputation: 2 116

Answers

2

> My understanding is that while connected, all my internet traffic is routed through the office's internet connection

It depends...

route print 0* tells more

> Can I split the traffic such that only specific browser windows or specific websites will be tunneled to the office

Yes, you can, partially. Not "specific browser windows" or websites, but specific IP/subnets. Change the local route table with route add and route change.

Lazy Badger

Posted 2011-10-20T04:27:10.257

Reputation: 3 557

Additional question - is the default the VPN and I have to explicitly reroute any other IP address, or can I make the VPN the exception to the rule? If so, how? – ysap – 2011-10-20T14:32:16.287

AFAIK, all client-side VPNs will add a virtual TAP interface to Network Connections. You can just enable|disable "Use default gateway" in Advanced TCP-IP settings (General Tab) (tested on my XP host) – Lazy Badger – 2011-10-20T14:44:56.233

OK, I am now connected from my XP machine via VPN to my office win 7 machine. Typing route print 0* shows a table with a few MAC (?) addresses, one Network Destination (which seems to be my local home network IP addresses) and one Default Gateway address (again, my home router address). I also see in the OpenVPN window the IP address and port of the remote network (I think). What do I learn from that? I want to redirect one LogMeIn session through the VPN and the rest of the traffic to go directly out to the 'net. How do I do that? – ysap – 2011-10-22T19:16:47.163

Alternatively, I want to route the creativeLIVE video stream I am watching now directly out while having all the rest go through the VPN - this is less desirable but I can live with that too for now. – ysap – 2011-10-22T19:26:35.653

2

You could use a service like http://www.whatismyip.com and compare the results with openvpn online and offline. If it doesn't match, you're probably fine.

If it does match, verify that you do not have something like the following in your openvpn.conf:

redirect-gateway def1

If you do, comment it out. If you're still having issues, post your openvpn.conf here :)

adamrmcd

Posted 2011-10-20T04:27:10.257

Reputation: 320

Thanks. First, my conf file does not contain this line. What's interesting is that using the link you provided I get the same IP address with VPN connected or disconnected, and the first two octets of this IP are the same as the remote server's address. What's more interesting is when I tracert www.google.com from cmd, I don't see that IP in the list. – ysap – 2011-10-22T23:16:49.237

Sooo.. if you get the same IP with both VPN connected and disconnected, you are not routing non-subnet traffic through VPN... or, in other words, traffic with the same subnet that your openvpn server is providing is currently the only traffic that's going through openvpn. If you wanted to send all internet traffic through openvpn, add that redirect-gateway def1 line to your openvpn.conf :) – adamrmcd – 2011-10-23T03:12:58.213

Is it just a coincidence then that the IP address reported by whatismyip is the same as the address defined for the VPN server (up to the 2 octets)? This sounds a little fishy to me. – ysap – 2011-10-23T03:38:01.987
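How the route table and the redirect-gateway def1 option discussed in the answers above decide which traffic enters the tunnel, as an added example that is not part of the original thread. All addresses, interface names and function names are constructed for illustration; the one OpenVPN fact relied on is that def1 adds 0.0.0.0/1 and 128.0.0.0/1 routes instead of replacing the existing default route.

```python
import ipaddress

# Constructed sample data: (destination, gateway, interface).
HOME_GW = ("192.168.1.1", "LAN")   # assumed home router
VPN_GW = ("10.8.0.1", "TAP")       # assumed VPN-side gateway

# Split tunnel: only the VPN and office subnets use the TAP interface.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", *HOME_GW),                 # home default route
    ("192.168.1.0/24", "on-link", "LAN"),
    ("10.8.0.0/24", "on-link", "TAP"),       # VPN subnet
    ("10.20.0.0/16", *VPN_GW),               # assumed office LAN
]

# redirect-gateway def1: the old default route stays in the table, but two
# /1 routes beat it on prefix length. A /32 host route keeps the encrypted
# packets to the VPN server itself on the physical link.
FULL_TUNNEL = SPLIT_TUNNEL + [
    ("0.0.0.0/1", *VPN_GW),
    ("128.0.0.0/1", *VPN_GW),
    ("203.0.113.10/32", *HOME_GW),           # assumed VPN server address
]

def egress(table, dest):
    """Return (interface, gateway) chosen by longest-prefix match."""
    ip = ipaddress.ip_address(dest)
    matches = []
    for net, gw, ifc in table:
        network = ipaddress.ip_network(net)
        if ip in network:
            matches.append((network.prefixlen, ifc, gw))
    if not matches:
        raise LookupError(f"no route to {dest}")
    _, ifc, gw = max(matches)
    return ifc, gw

def tunnels_everything(conf_text):
    """True if a client config has an uncommented redirect-gateway line.
    A server can also push this option, which the client file will not show."""
    for line in conf_text.splitlines():
        # OpenVPN treats '#' and ';' as comment markers.
        active = line.split("#", 1)[0].split(";", 1)[0].split()
        if active[:1] == ["redirect-gateway"]:
            return True
    return False
```

Checking the routes that actually apply after connecting is more reliable than reading the client file alone, because pushed options only show up in the live table.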