openvpn: How to not use VPN for domains with multiple IP addresses

vpn routing openvpn

What you want is, sadly, impossible. Routing works based on IP addresses, and the domain name simply isn't present in the IP packets, so it cannot be used to make routing decisions.

When adding routes, you can add a route to a specific domain name, but that name gets DNS resolved into an IP address before it is added to the routing table. Also note that your routing table will not get updated if the IP address in the DNS entry changes.

Basically your options are:

1: at VPN startup, add a route to all the specific host names that you are going to access without VPN. The names will immediately get resolved, but that might not matter, unless the IP addresses change really quickly.

2: figure out all the netblocks that the target domain uses and setup routing without VPN for them. In some cases it is impossible to figure the netblocks out, though.

3: reverse your routing logic: drop the "route everything through vpn" rule, only route specific netblocks through vpn (you are more likely to know these than the netblocks of a specific domain you don't control), and let the default route take all non-vpn traffic to the internet without vpn.

Related

debugging stuck apache/php thread on production server
When should I buy cities in Age of Wonders I and when should I not?
Buying Premium Pass in Just Dace 2017 also works for 2018 edition?
Can you transfer game files on Mac to a PC?
can The death aura be used by minions?
What is the frequency of drop items at the end of each game?
How can I select the games from a backup drive to restore on Steam?
Are the anniversary event Pikachu permanent?
Can not marry or move children after removing mod
Can someone explain hardpoint scanners / weapons to me?
In Just Cause 3, is there a way to have jetpack-like wingsuit?
What is a Blade Combo finisher?