Exclude site going from VPN

keef

Regular Contributor
Hello. I am using NordVPN with OpenVPN and Merlin (AC-3100). Is there a way to exclude a site from going through the VPN? My wife needs to access one particular site and it always some up with an error (connection is not private) if the VPN is active. If I turn it off or route her around the VPN she is fine however that is not a situation I want for her work PC (works from home these days).

thanks guys
 

ColinTaylor

Part of the Furniture
Please remove the Release prefix from your title as you are not announcing a new release of something. Thanks.

If this is for your wife's "work PC" then I definitely wouldn't want any of it routed through NordVPN anyway. Not unless her "work" involves researching "dodgy" websites.
 
Last edited:

Butterfly Bones

Very Senior Member
Hello. I am using NordVPN with OpenVPN and Merlin (AC-3100). Is there a way to exclude a site from going through the VPN? My wife needs to access one particular site and it always some up with an error (connection is not private) if the VPN is active. If I turn it off or route her around the VPN she is fine however that is not a situation I want for her work PC (works from home these days).

thanks guys
You want to use Policy Based Routing, explained on RMelin GitHub here.
 

eibgrad

Part of the Furniture
If all you want to do is bind one or more public IPs/networks/domains to the WAN, just add static routes (in the form of route directives) to the OpenVPN client custom config field.

Code:
route 199.199.199.199 255.255.255.255 net_gateway
route 188.188.188.0 255.255.255.0 net_gateway
route somewebsite.com 255.255.255.255 net_gateway

No need for PBR (policy based routing). No need for extra scripts.

In fact, because PBR necessarily removes the router itself from the VPN, it has the potential for unintended consequences (e.g., DNS leaks).
 
Last edited:

keef

Regular Contributor
Please remove the Release prefix from your title as you are not announcing a new release of something. Thanks.

If this is for your wife's "work PC" then I definitely wouldn't want any of it routed through NordVPN anyway. Not unless her "work" involves researching "dodgy" websites.
 

keef

Regular Contributor
Hi. Why is going through the VPN is what I should do with her PC? I'm confused. I thought she would be safer using it?

Thanks
 
Last edited:

keef

Regular Contributor
Please remove the Release prefix from your title as you are not announcing a new release of something. Thanks.

If this is for your wife's "work PC" then I definitely wouldn't want any of it routed through NordVPN anyway. Not unless her "work" involves researching "dodgy" websites.


How do I remove the prefix? My mistake.
 

keef

Regular Contributor

Please remove the Release prefix from your title as you are not announcing a new release of something. Thanks.

If this is for your wife's "work PC" then I definitely wouldn't want any of it routed through NordVPN anyway. Not unless her "work" involves researching "dodgy" websites.

I am slow. Did you mean that NordVPN is a dodgy service?
 

keef

Regular Contributor
If all you want to do is bind one or more public IPs/networks/domains to the WAN, just add static routes (in the form of route directives) to the OpenVPN client custom config field.

Code:
route 199.199.199.199 255.255.255.255 net_gateway
route 188.188.188.0 255.255.255.0 net_gateway
route somewebsite.com 255.255.255.255 net_gateway

No need for PBR (policy based routing). No need for extra scripts.

In fact, because PBR necessarily removes the router itself from the VPN, it has the potential for unintended consequences (e.g., DNS leaks).

Hey, thanks. What is [/code] for?
 

keef

Regular Contributor
Probably this

Can be installed from amtm
Thanks. I do not think mine installed correctly. If I select it from the AMTM main menu I always get the install screen. I selected 1 and 2 but nothing and they seemed to install ok. I'll try to look at this later. Hopefully, this will work out. I am going to really need the GUI to install.
 
Last edited:

keef

Regular Contributor
If all you want to do is bind one or more public IPs/networks/domains to the WAN, just add static routes (in the form of route directives) to the OpenVPN client custom config field.

Code:
route 199.199.199.199 255.255.255.255 net_gateway
route 188.188.188.0 255.255.255.0 net_gateway
route somewebsite.com 255.255.255.255 net_gateway

No need for PBR (policy based routing). No need for extra scripts.

In fact, because PBR necessarily removes the router itself from the VPN, it has the potential for unintended consequences (e.g., DNS leaks).

Hi. Thanks for the info. I am, however, struggling with this stuff. If the site to get to is 101.202.303.404 would that go in line 2 the first IP#?

thanks
 

eibgrad

Part of the Furniture
Hi. Thanks for the info. I am, however, struggling with this stuff. If the site to get to is 101.202.303.404 would that go in line 2 the first IP#?

thanks

Line #1 is for a *single* IP.
Line #2 is for a network (class C in the example).
Line #3 is for a domain name.

So for any single IP, use line #1 as a model.
 

sambosoul

Occasional Visitor
I am having a similar problem with accessing a certain YouTube channel over VPN. I got it running by adding route youtube.com 255.255.255.255 net_gateway into the OpenVPN custom config and I can access YouTube in the web browser on my mobile devices.

While this is working great, I would love to be able to access YouTube through their native YouTube app on both iOS and tvOS (AppleTV app). Here I guess using the URL does not work; what other method or approach could I use to achieve this?
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top