Use VPN only for certain domains/hostnames

4

2

I'm using OpenVPN on Windows with a TAP adapter.

I know you can specify a route to a specific IP address to go to your local internet connection. However, it can't do the same for a hostname/domain.

Is there a way to keep my traffic on the VPN but route requests to www.google.com for example through my default gateway at home (192.168.1.1 in my case)?

I was thinking that I could set 127.0.0.1 www.google.com in my HOSTS file and run a local apache and deal with a ruleset in there, but I'd rather not have to run a local webserver/proxy if there is another way I don't know about.

Jack Skinner

Posted 2015-09-23T04:42:45.320

Reputation: 43

Answers

2

You can specify a route to a host name only if you use --allow-pull-fqdn; details can be found in The OpenVPN Manual.

dotvotdot

Posted 2015-09-23T04:42:45.320

Reputation: 496

1 Looks like something I'm looking for but the documentation isn't very clear on how to use this. Do you maybe have an example on how I would route traffic to, let's say, www.google.com through my local adapter instead of the openvpn one?

Do I edit the .ovpn file with: push "route www.google.com 192.168.1.1" --allow-pull-fqdn – Jack Skinner – 2015-09-24T02:44:32.010

11

You can add this to the .ovpn file:

allow-pull-fqdn
route www.google.com 255.255.255.255 net_gateway

Then on openvpn startup this will look up www.google.com, get its IP address, and then add a route for that using the net (not VPN).

The problem is, google uses multiple IP addresses, so when you try to visit google it will still use the VPN unless you happen to hit the same IP address it looked up when it started.

One hack is to get one of the IP addresses that google uses and add it to your /etc/hosts, so then your machine will always use the same IP address for google, and the openvpn route command will accomplish what you want.

Problem is, of course, if google ever stops using that IP address or, for whatever reason, wants to route you to a different IP address. Then it fails.

David Ljung Madison Stellar

Posted 2015-09-23T04:42:45.320

Reputation: 372

What if it is a CDN and multiple domains use the same IP address, but you want to use the VPN only for one of them? – Karthik T – 2018-07-25T02:18:30.900

Don't know - you'd have to test it to see if openvpn is storing the IP or the domain name for comparison - I would assume it's the IP address. – David Ljung Madison Stellar – 2018-07-27T00:23:03.487
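
An added example (not from the answer or its comments, and not OpenVPN's own code): the route in the answer covers only the one address found at startup, so this Python code resolves every IPv4 address of each hostname and builds one route ... net_gateway line per address. It also reports addresses that a host meant to stay on the VPN shares with a bypassed host (the CDN case from the comment), since a route matches on destination IP, not on name. The hostnames and addresses in SAMPLE_DNS are constructed, and the function names are assumptions of this example.

```python
import ipaddress
import socket

# Constructed sample data (documentation address ranges), used instead of live DNS.
SAMPLE_DNS = {
    "www.example.com": ["203.0.113.10", "203.0.113.11"],
    "static.example.net": ["198.51.100.7"],
    "intranet.example.org": ["198.51.100.7"],  # shares a CDN address
}

def resolve_ipv4(hostname):
    """Return the sorted IPv4 addresses the system resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos}, key=ipaddress.IPv4Address)

def bypass_routes(bypass_hosts, vpn_hosts=(), resolver=resolve_ipv4):
    """Build one host route per resolved address of each bypass hostname.

    Returns (route_lines, collisions). collisions maps an IP to the names in
    vpn_hosts that also resolve to it: those hosts would leave the tunnel too,
    because the routing table only sees the destination address.
    """
    bypass_ips = {}
    for host in bypass_hosts:
        for ip in resolver(host):
            bypass_ips.setdefault(ip, []).append(host)

    collisions = {}
    for host in vpn_hosts:
        for ip in resolver(host):
            if ip in bypass_ips:
                collisions.setdefault(ip, []).append(host)

    ordered = sorted(bypass_ips, key=ipaddress.IPv4Address)
    lines = [f"route {ip} 255.255.255.255 net_gateway" for ip in ordered]
    return lines, collisions

if __name__ == "__main__":
    routes, shared = bypass_routes(
        ["www.example.com", "static.example.net"],
        vpn_hosts=["intranet.example.org"],
        resolver=SAMPLE_DNS.__getitem__,  # swap for resolve_ipv4 to use real DNS
    )
    print("\n".join(routes))
    for ip, hosts in shared.items():
        print(f"# WARNING: {ip} is also used by {', '.join(hosts)}; it will bypass the VPN")
```

The generated list is only as current as the last lookup, so it has to be regenerated whenever the service rotates addresses.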