OpenVPN: Only route specific IP addresses through VPN?
The correct configuration for OpenVPN is:
route-nopull
route 192.168.0.0 255.255.255.0
These entries belong in your .ovpn file and will direct all 192.168.0.* subnet traffic through the VPN.
For one IP only (192.168.0.1):
route-nopull
route 192.168.0.1 255.255.255.255
BTW: route-nopull means "don't pull routes from the server".
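An added example, not part of any answer on this page: a short Python check that reads a client .ovpn file and reports, by longest-prefix match, which destinations its route lines send through the tunnel and which stay on the default gateway. The sample config is constructed, the function names are hypothetical, and the code assumes route arguments are IPv4 literals.

```python
import ipaddress

# Constructed sample client config built from the directives quoted above.
SAMPLE_OVPN = """\
client
dev tun
; ignore routes pushed by the server, keep the normal default gateway
route-nopull
route 192.168.0.0 255.255.255.0
route 192.168.0.1
"""

def parse_split_tunnel(config_text):
    """Return (route_nopull_set, [IPv4Network, ...]) for a client config."""
    nopull, nets = False, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        fields = line.split()
        if fields[0] == "route-nopull":
            nopull = True
        elif fields[0] == "route" and len(fields) >= 2:
            # OpenVPN defaults the netmask to 255.255.255.255 (a host route).
            mask = fields[2] if len(fields) >= 3 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{fields[1]}/{mask}", strict=False))
    return nopull, nets

def tunnel_route_for(dest, nets):
    """Most specific configured route containing dest, or None (default gateway)."""
    addr = ipaddress.ip_address(dest)
    hits = [n for n in nets if addr in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

def audit(config_text, destinations):
    """Map each destination to its path; flag configs that still accept pushed routes."""
    nopull, nets = parse_split_tunnel(config_text)
    paths = {}
    for dest in destinations:
        net = tunnel_route_for(dest, nets)
        paths[dest] = f"vpn via {net}" if net else "default gateway"
    # Without route-nopull the server can push more routes, so the local
    # route lines alone do not describe what will actually be tunnelled.
    return {"local_routes_authoritative": nopull, "paths": paths}

if __name__ == "__main__":
    print(audit(SAMPLE_OVPN, ["192.168.0.1", "192.168.0.77", "23.22.135.169"]))
```

Anything reported as "default gateway" leaves the machine outside the tunnel, which is the intended result of this split-tunnel setup.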
Goals
- Use the plain internet connection for all internet traffic by default, even when the VPN is connected.
- Route traffic to one specific IP address through the VPN.
Steps
Press Win + R and execute ncpa.cpl.
Right-click the VPN connection and go to Properties → Networking.
Select Internet Protocol Version 4 and go to Properties → Advanced....
Uncheck Use default gateway on remote network and click OK.
(optional) Repeat the previous steps for Internet Protocol Version 6.
(Re)connect to your VPN.
Open a command prompt and execute route print -4.
Spot the VPN's interface in the Interface list and its gateway in the Active Routes.
On my machine, I have:
Interface List
 32...........................Super Free VPN
[...]
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0          On-link      10.6.6.127      31
         10.0.0.0        255.0.0.0        10.88.1.1     10.88.1.102      31
Here, the VPN's gateway is 10.88.1.1, since it's the gateway for the 10.xxx.xxx.xxx block.
Add a persistent route that will be appended to the active routes whenever there's a connection to the VPN:
route -p add 23.22.135.169 10.88.1.1 if 32
In this example, 23.22.135.169 is the IP of whatismyip.org, 10.88.1.1 is the gateway's IP and 32 the number of the interface.
(optional) Repeat the previous steps for route print -6.
Test the setup.
If everything worked out, whatismyip.org and www.whatismyip.cx will display different IPs now.
To your OpenVPN client config, add a line like:
route The.IP.To.Go 255.255.255.255
(Where The.IP.To.Go is the IP you wish to route through the VPN)
This instructs OpenVPN to create the entry in your OS's routing table.
Alternatively, the OpenVPN server could be made to "push" this routing configuration down to clients, by adding to the server config:
push "route The.IP.To.Go 255.255.255.255"
EDIT: One thing I missed addressing--the default forwarding of all traffic... It could either be disabled on the server, or clients can elect to ignore "pushed" directives (so our second option "pushing" the route would not work) via:
route-nopull
In response to the comments asking for an easy Linux / NetworkManager friendly solution to customizing what gets routed over OpenVPN, here is a GUI friendly way to set it up. This answer is, as far as I can tell, just the GUI version of Thomas's answer.
Step 1: select your VPN configuration
Step 2: go over to the relevant tab (either IPv4 or IPv6)
Step 3: Click the "Routes..." button in the bottom right
Step 4: Add your desired route (in this case it is redirecting all traffic from 192.168.0.* through the VPN)
Step 5: check the "use only for resources on this connection" checkbox so that connecting to the VPN doesn't change your default gateway settings to route all traffic through the VPN.