Route Selected Traffic via OpenVPN - GitHub Case

It’s a very common practice to use IP whitelisting to secure private resources and databases. Organizations then use a VPN to allow their employees to access these resources.

It’s very irritating to keep switching the VPN on to use these organization resources and off to do normal stuff on the internet. One option is to keep using the VPN for all internet activity, but then you realize your VPN is not fast enough for normal stuff like a video call or a package download.

To solve this problem we will use the route and route-nopull directives in the OpenVPN configuration.

route-nopull : tells the OpenVPN client to ignore the routes pushed by the server, so no traffic is routed via the VPN unless you add a route yourself.

route : routes specific traffic via OpenVPN. It uses the format below:

route <ip-address> <subnet-mask>

e.g., for a single IP:

route 185.43.112.202 255.255.255.255

For an IP range:

route 185.199.108.0 255.255.252.0

In our .ovpn file, we add these lines below all the existing configuration directives and above the certificate block:

route-nopull
route 52.43.112.202 255.255.255.255
route 185.199.108.0 255.255.252.0

If you don’t know the IP address of the resource you are accessing, you can use the dig command on Linux, e.g.:

dig <hostname> +short

GitHub Case

Now let’s take the GitHub case. Many organizations allow access to their Git repositories only via VPN, but services like GitHub don’t use a single IP or a single IP range. GitHub uses a pool of IP address ranges for its services, which it has published on its website. We will use that list to route traffic via OpenVPN to those IP ranges.

It writes the result to a routes.txt file in the current directory. Copy the content of this file and paste it into your .ovpn configuration file.
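An added example, not the original post's script: converting published CIDR ranges into route lines in the format shown earlier. It assumes the JSON layout of https://api.github.com/meta (service keys holding lists of CIDR strings); the sample data is constructed so the block runs offline, and the function and variable names are illustrative.

```python
import ipaddress
import json

# Constructed sample shaped like the JSON at https://api.github.com/meta
# (assumed layout: service name -> list of CIDR strings). The values are
# the range used on this page plus documentation prefixes, not live data.
SAMPLE_META = json.loads("""
{
  "verifiable_password_authentication": false,
  "git": ["185.199.108.0/22", "185.199.108.0/24", "192.0.2.10/32", "2001:db8::/32"],
  "web": ["185.199.108.0/22", "198.51.100.0/25", "198.51.100.128/25"]
}
""")


def routes_from_meta(meta, services=("git", "web")):
    """Return (route_lines, skipped) for the chosen service keys.

    IPv4 CIDRs become 'route <network> <netmask>' lines. Duplicate,
    overlapping and adjacent ranges are merged so the .ovpn file stays
    short. IPv6 and malformed entries are returned in `skipped` rather
    than emitted, because the route format above takes an IPv4 address
    and subnet mask.
    """
    v4, skipped = [], []
    for service in services:
        for cidr in meta.get(service, []):
            try:
                # strict=False accepts entries with host bits set
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                skipped.append(cidr)
                continue
            if net.version == 4:
                v4.append(net)
            else:
                skipped.append(cidr)
    merged = ipaddress.collapse_addresses(v4)
    lines = [f"route {n.network_address} {n.netmask}" for n in merged]
    return lines, skipped


if __name__ == "__main__":
    lines, skipped = routes_from_meta(SAMPLE_META)
    print("route-nopull")
    print("\n".join(lines))
    for item in skipped:
        print(f"# skipped (not IPv4 or invalid): {item}")
```

Review the skipped entries before relying on the output: any range that is not routed through the VPN reaches the service from your normal public IP and will be rejected by an IP whitelist.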

That’s all. Now you can keep your VPN connection connected, and it will not hamper bandwidth for your other services.

Some points I want to highlight:

  • By following this tutorial you will also help your organisation save transfer costs on its OpenVPN server.
  • The original purpose of using a VPN was to protect our privacy from ISPs and tracker sites like Google, so you may not want to exclude any traffic from the VPN if privacy is your goal. Another reason to use a VPN is to access sites blocked by your ISP/government.
