Not redirecting all traffic through OpenVPN?
Your server config will probably have something along the lines of this:
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway"
push "route 0.0.0.0 0.0.0.0"
When connected to your OpenVPN server, you can check your routes via command line and route print
.
So, you got some options, as you are an admin on your device.
- Use
route-nopull
:
When used with --client or --pull, accept options pushed by server EXCEPT for routes.
When used on the client, this option effectively bars the server from adding routes to the client's routing table, however note that this option still allows the server to set the TCP/IP properties of the client's TUN/TAP interface.
- Use
route-noexec
:
Don't add or remove routes automatically. Instead pass routes to --route-up script using environmental variables
- Change the routes manually each time you connect (or make them persistent, depends on your usage):
route CHANGE 0.0.0.0 MASK 0.0.0.0 <your preferred gateway> METRIC n1 IF n2
route ADD x.x.x.x MASK y.y.y.y z.z.z.z
where x.x.x.x
is your company-subnet, y.y.y.y
the netmask and z.z.z.z
is your VPN-gatewayserver. n1/2
depend on your configuration, if you even need them.
- Ask your network/VPN admin to change your config (or everyone's config) to not route everything through the VPN. This is my favorite, because you dont' have to meddle with client configs etc.
These points are not everything you can do, but it should be enough.
Detailed reading can be done in the official documentation.
This is an example, of course. So you have to adapt to your configuration.
Related videos on Youtube
plaidhappiness
Leading the photorealistic rendering team at Adobe. Formerly Lead Software Engineer at Allegorithmic. Formerly Principal Software Engineer at Launchmetrics. Formerly Senior Rendering R&D Engineer at mental images, then NVIDIA. Founder and project lead of the open source production renderer appleseed.
Updated on September 18, 2022Comments
-
plaidhappiness over 1 year
I'm using OpenVPN Connect 2.1.3.111 on Windows 10 to access my company's network. I have no control whatsoever on the OpenVPN server.
It appears that right now, all traffic goes through the VPN connection when I'm connected. I'd like some of the traffic (i.e. to public access resources) to not go through the VPN.
Is this possible at all with OpenVPN on Windows?
If so, is that something that needs to be adjusted in Windows itself or in the OpenVPN client?
-
plaidhappiness over 6 yearsThanks for the detailed overview of my options. Regarding options 1 and 2, I have no idea what
route-nopull
androute-noexec
are. Are they command line tools? Commands that go in the .ovpn file? -
Lenniey over 6 yearsThey are for your .ovpn client configuration.