Policy Routing with OpenVPN?

Dear Everyone, I am currently using OpenVPN for normal browsing. However, I have the following services running: a BitTorrent client, a web server, IRC and a git server, which I would really like not to use my VPN connection (and to use my original connection instead).

Is there a way to do this? I looked up policy routing and I can't really find any tutorial on how to do this on Linux (I am on Ubuntu). I don't want the solution to be incredibly complicated - I am pretty new to networking in Ubuntu and I only want a very simple solution to this problem.

Can someone help me out?


Solution 1:

Unfortunately, policy routing IS incredibly complicated. I have an open question asking about tools to make policy/tc easier to use, and I haven't seen any great answers yet. I have started working on something on my own, but it isn't ready to share, and wouldn't be too useful in the case of a VPN.

The guide to start with is the LARTC HOWTO, but I don't believe it has any examples about how to create policies when a VPN is installed. Really, though, the fact that you are using a VPN shouldn't matter. When OpenVPN is connected, it just shows up as another network interface.

Solution 2:

Normal routing usually means looking at a destination to make a forwarding decision. Policy routing usually means looking at a source and destination to make a forwarding decision (much more complicated).

I might be wrong, but I think you may be able to segment your traffic using normal routing techniques.

Your VPN is probably for work?

Most corporate VPN policies want you to send all of your traffic via their tunnel as a protection mechanism for them. (Someone external can't hack into your box and then get access to the corp VPN.)

What I'm guessing you'd like (although it may not make your VPN admins happy) is to just send traffic for work-related sites via the VPN and all other traffic out your normal connection.

Take a look at your routing table with 'ip route'.

Ideally you want to just route to the corporate networks via the vpn tunnel, and your default route will go out to your ISP.

Most VPN setups send a replacement default route, or OpenVPN will sometimes send two /1 routes to override your default route.

Without seeing your output of 'ip route', it's hard to recommend what to do next.

Can you share that?
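
The routing-table check that Solution 2 describes, as an added example that is not part of the original answers: a shell function that reads 'ip route' output and reports whether the tunnel overrides the default route with two /1 routes, replaces the default route, or leaves it alone. The tun*/tap* interface naming and both sample tables are constructed assumptions.

```shell
#!/bin/sh
# Added example: classify what a VPN did to the main routing table.
# Reads `ip route` text on stdin, prints "<verdict> <interface>".
classify_vpn_routes() {
    awk '
    # Word following keyword "key" on the current line, or "" if absent.
    function field_after(key,    i) {
        for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
        return ""
    }
    $1 == "default" {
        m = field_after("metric") + 0        # no metric means 0
        # Lowest metric wins when several default routes exist.
        if (!seen || m < best) { seen = 1; best = m; def_dev = field_after("dev") }
    }
    $1 == "0.0.0.0/1"   { low_dev  = field_after("dev") }
    $1 == "128.0.0.0/1" { high_dev = field_after("dev") }
    END {
        if (low_dev != "" && high_dev != "")
            print "half-routes-override", low_dev   # two /1 routes beat the /0 default
        else if (def_dev ~ /^(tun|tap)/)            # assumption: tunnel is tun*/tap*
            print "default-replaced", def_dev
        else if (def_dev != "")
            print "default-untouched", def_dev
        else
            print "no-default -"
    }'
}

# Constructed sample: the tunnel pushed two /1 routes over the ISP default.
SAMPLE_HALF='0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10'

# Constructed sample: split tunnel, only one private prefix uses tun0.
SAMPLE_SPLIT='default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.20.0.0/16 via 10.8.0.5 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10'

printf '%s\n' "$SAMPLE_HALF"  | classify_vpn_routes
printf '%s\n' "$SAMPLE_SPLIT" | classify_vpn_routes
# On a live system: ip route show | classify_vpn_routes
```

A "default-untouched" verdict means only the listed prefixes use the tunnel and everything else leaves through the ISP interface; the other two verdicts mean all traffic without a more specific route goes through the VPN.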