Bypassing VPNs for specific local addresses

DO NOT IMPLEMENT: currently bugged (24/1/17, SW)

This is intended for users who understand SSH. This article demonstrates a method by which a VPN tunnel can be bypassed for local IP addresses; this is appropriate if you live in the UK and still want to use Sky or BBC iPlayer on specific devices, yet have other devices use the VPN. This article does not deal with setting up a VPN.

In this example a block of IP addresses from 192.168.1.128 to 192.168.1.255 will be set to bypass the VPN tunnel.

Log in over SSH.

cd /etc/openvpn

Use ls to identify the OpenVPN config file; it will end in .conf.

Edit the config file with vi <MyOpenVPNConfig>.conf, where <MyOpenVPNConfig>.conf is your .conf file.

Search through the file for any route-pull commands; if you find them, comment them out by inserting a # at the start of the line.

At the end of the file insert the following:

#
# Insert Routing to bypass VPN tunnel
#
route-nopull
route-noexec
up /etc/openvpn/up-script.sh
down /etc/openvpn/down-script.sh

Exit and save the .conf file (ESC, CTRL-Z).

Now create the up script:

vi up-script.sh

Insert the following:

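#!/bin/sh
# Packets sourced from 192.168.1.128/25 consult the routing table named "vpn"
# (the name must be defined in /etc/iproute2/rt_tables)
ip rule add from 192.168.1.128/25 priority 10 table vpn
# Routes held in table vpn; tun1 is the tunnel interface
ip route add 192.168.1.128/25 dev tun1 table vpn
# $ifconfig_remote is set by OpenVPN in the script's environment
ip route add default via $ifconfig_remote dev tun1 table vpn
ip route flush cache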

Save & exit (ESC, CTRL-Z)

Now create the down script:

vi down-script.sh

Insert the following:

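#!/bin/sh
# Replace the "up" marker file with a "down" marker
rm /etc/openvpn/up
touch /etc/openvpn/down
# Remove the policy rule added by up-script.sh
ip rule del from 192.168.1.128/25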

Save & exit (ESC, CTRL-Z)

Change the 192.168.1.128/25 in all scripts to reflect the local IP addresses of the devices you want to bypass the VPN.

Reboot the router.
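
To check which routing table a given LAN address selects once the up script's rule is in place, the output of ip rule show can be evaluated per source address. The script below is an added example, not part of the original article: the rule listing in SAMPLE_RULES is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report which routing table a LAN source address selects,
# from text in the format printed by `ip rule show`.

# Constructed sample: the state after up-script.sh has added its rule.
SAMPLE_RULES='0:      from all lookup local
10:     from 192.168.1.128/25 lookup vpn
32766:  from all lookup main
32767:  from all lookup default'

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 lies inside CIDR block $2 (a bare address means /32).
in_cidr() {
    bits=32
    case $2 in */*) bits=${2#*/} ;; esac
    [ "$bits" -eq 0 ] && return 0
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# Read rules on stdin (lowest priority number first, as ip prints them) and
# print the table of the first "from" rule matching source address $1.
# Simplification: the "local" table is skipped because it only holds the
# router's own addresses, so forwarded LAN traffic falls through it.
table_for_source() {
    while read -r prio from sel lookup table rest; do
        [ "$from" = from ] && [ "$lookup" = lookup ] || continue
        [ "$table" = local ] && continue
        if [ "$sel" = all ] || in_cidr "$1" "$sel"; then
            echo "$table"
            return 0
        fi
    done
    return 1
}

for a in 192.168.1.20 192.168.1.127 192.168.1.128 192.168.1.255; do
    printf '%s -> table %s\n' "$a" \
        "$(printf '%s\n' "$SAMPLE_RULES" | table_for_source "$a")"
done
```

On a live router, pipe the real listing in instead of the sample: ip rule show | table_for_source 192.168.1.130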