OpenVPN Split tunneling

Fundamental

For example, suppose a user utilizes a remote access VPN software client connecting to a corporate network using a hotel wireless network. The user with split tunneling enabled is able to connect to file servers, database servers, mail servers and other servers on the corporate network through the VPN connection. When the user connects to Internet resources (Web sites, FTP sites, etc.), the connection request goes directly out the gateway provided by the hotel network.

Advantage

  • Alleviate bottlenecks and conserve bandwidth as Internet traffic does not have to pass through the VPN server.

  • A user works at a supplier or partner site and needs access to network resources on both networks throughout the day. Split tunneling prevents the user from having to continually connect and disconnect.

Configuration

Goal:

  • Most requests connect directly and do not use the VPN.

  • Only requests from the local client to 171.253.181.55 go through the tunnel, where they are secured and encrypted.

Current

  • OpenVPN server IP: 45.79.85.159 from us

  • client configuration file: client.ovpn

Config

$ vim client.ovpn
# Add these 2 lines at the beginning of the client config file
# route-nopull 
# route  171.253.181.55
client.ovpn
route-nopull 
route  171.253.181.55
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 45.79.85.159 1194
...
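A quick way to check that a client config really is a split tunnel, as an added example that is not part of the original page: the function names are hypothetical and the sample file is constructed from the values above. It relies on two documented OpenVPN behaviours: `route-nopull` discards routes pushed by the server, and a `route` line without a netmask defaults to 255.255.255.255 (one host).

```shell
#!/bin/sh
# Added example: classify an OpenVPN client config as split or full tunnel.
# Function names are hypothetical; the sample config is constructed.

# Print directives only: strip leading whitespace, drop comments and blank lines.
directives() {
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' "$1"
}

# full   : a local redirect-gateway sends all traffic through the VPN,
#          even when route-nopull is also present
# split  : route-nopull drops server-pushed routes, so only local
#          "route" lines are tunneled
# pushed : routing is whatever the server pushes
tunnel_mode() {
    if directives "$1" | grep -Eq '^redirect-gateway([[:space:]]|$)'; then
        echo full
    elif directives "$1" | grep -Eq '^route-nopull([[:space:]]|$)'; then
        echo split
    else
        echo pushed
    fi
}

# List destinations of local "route" directives as network/netmask.
tunneled_routes() {
    directives "$1" |
        awk '$1 == "route" { print $2 "/" (NF >= 3 ? $3 : "255.255.255.255") }'
}

# Constructed sample: the first lines of client.ovpn as configured above.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
route-nopull
route  171.253.181.55
client
dev tun
proto udp
remote 45.79.85.159 1194
EOF

echo "mode:   $(tunnel_mode "$SAMPLE")"
echo "routes: $(tunneled_routes "$SAMPLE")"
```

Once connected on Linux, `ip route get 171.253.181.55` should show the tun device, while any other destination should still show the local gateway.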
