OpenVPN Split tunneling

Fundamental

For example, suppose a user on a hotel wireless network connects to a corporate network with a remote-access VPN client. With split tunneling enabled, the user reaches file servers, database servers, mail servers and other servers on the corporate network through the VPN connection. When the user connects to Internet resources (web sites, FTP sites, etc.), the connection request goes directly out through the gateway provided by the hotel network.

Advantages

  • Alleviates bottlenecks and conserves bandwidth, as Internet traffic does not have to pass through the VPN server.

  • A user who works at a supplier or partner site and needs access to network resources on both networks throughout the day does not have to continually connect and disconnect.

Configuration

Goal:

  • Connect directly for most requests, without using the VPN

  • Only requests from the local client to 171.253.181.55 go through the tunnel (secure, encrypted)

Current

  • OpenVPN server IP: 45.79.85.159 from us

  • Client configuration file: client.ovpn

Config

$ vim client.ovpn
# Add these 2 lines at the beginning of the client config file:
# route-nopull
# route 171.253.181.55

client.ovpn:

route-nopull
route 171.253.181.55
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 45.79.85.159 1194
...
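
To check which destinations a client profile actually sends through the tunnel, the following added example (not part of the original page) parses the two directives used above and classifies a destination IP. The function names and the 8.8.8.8 test address are assumptions; only routes written in the file are evaluated, not routes pushed by the server.

```python
import ipaddress

# Constructed sample: the client.ovpn shown on this page, without the "..." tail.
SAMPLE = """\
route-nopull
route 171.253.181.55
client
dev tun
proto udp
remote 45.79.85.159 1194
"""

def parse_routing(text):
    """Collect the directives that decide which traffic enters the tunnel."""
    info = {"route_nopull": False, "routes": []}
    for raw in text.splitlines():
        # '#' and ';' start comments in OpenVPN config files.
        line = raw.split("#", 1)[0].split(";", 1)[0].split()
        if not line:
            continue
        if line[0] == "route-nopull":
            info["route_nopull"] = True
        elif line[0] == "route" and len(line) >= 2:
            # Syntax: route network [netmask] [gateway]; netmask defaults to one host.
            mask = line[2] if len(line) >= 3 and line[2] != "default" else "255.255.255.255"
            # A route with an explicit non-VPN gateway does not enter the tunnel.
            if len(line) >= 4 and line[3] not in ("default", "vpn_gateway"):
                continue
            try:
                net = ipaddress.ip_network(f"{line[1]}/{mask}", strict=False)
            except ValueError:
                continue  # hostname or keyword target: not evaluated here
            info["routes"].append(net)
    return info

def classify(text, dest):
    """Return 'tunnel', 'direct' or 'server-decides' for a destination IP."""
    info = parse_routing(text)
    addr = ipaddress.ip_address(dest)
    if any(addr in net for net in info["routes"]):
        return "tunnel"
    # Without route-nopull, routes pushed by the server still apply,
    # so the file alone cannot say where this traffic goes.
    return "direct" if info["route_nopull"] else "server-decides"

if __name__ == "__main__":
    for ip in ("171.253.181.55", "8.8.8.8"):
        print(ip, "->", classify(SAMPLE, ip))
```

On a connected client, `ip route get 171.253.181.55` (Linux) should show the tun device for the tunneled address and the local gateway for everything else.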

Reference

https://en.wikipedia.org/wiki/Split_tunneling
https://www.ibvpn.com/billing/knowledgebase/330/Split-Tunneling-for-OpenVPN-GUI.html

Last updated 6 years ago