Configure (route) specific connections outside of a VPN



























I am using NetworkManager (Gnome) to handle all my network connections.
I am connecting to a VPN with OpenVPN. My firewall (nftables) drops all traffic outside of the tun0 interface.



Now I want to connect to a server (that has a static IP) via ssh, but outside of the VPN tunnel, so I want to tell my machine: For every connection to this IP, do not use the VPN but rather connect directly.



What I did so far: Allow a connection to the server in the firewall.



What I am not really able to figure out:
How do I make my machine connect to the server "outside" of the VPN properly?
I already tried to read up on the problem, the answer I have been able to find was routing, so I am supposed to create a route for all the traffic to the server through a different networking interface, so instead of letting those packages through tun0, they are supposed to go through either wlp2s0 or enp1s0, depending on how I am connected at a given moment.



So I did for example
ip route add IP-ADDRESS dev wlp2s0



This somehow seems to work temporarily (but I don't even know if it should). I am not sure though if this is the correct way to do it.
In case that this is the right idea, I want to configure it so this routing is done "automatically" - so whenever my network connection changes (for example I'm switching from wifi to wired connection), I want the route to still be there. How do I do that properly?



My system (not sure if this is relevant) is Arch Linux with all the latest packages installed.



The reason I want to do this is because the server I want to connect to is blocking all of the IPs from my VPN provider. I do trust the server though, so I do not need to use the VPN to connect to this server.






























  • 1





    The question need not probably be so convoluted. I bet you would manage to convey you want to escape the normal route of VPN with less than 1/3 of that text. And yes, if you want to mess up with routing, the best course of action is understanding the route (and possibly firewalling) commands.

    – Rui F Ribeiro
    Nov 19 '18 at 14:22













  • Yes, adding the route for that address is the correct way to do it, and should of course work.

    – RalfFriedl
    Nov 19 '18 at 19:32
















linux ip vpn route














edited 16 mins ago
user90255

asked Nov 19 '18 at 14:04
user246093
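One way to keep the host route in place across wifi/wired switches, as an added example that is not part of the original question or its comments: a NetworkManager dispatcher script that re-adds the route through whichever non-VPN default gateway is currently active. The install path, the `BYPASS_HOST` value (a documentation placeholder), the function names and the sample route lines are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical install path:
# /etc/NetworkManager/dispatcher.d/50-vpn-bypass (root-owned, mode 0755).
# NetworkManager invokes dispatcher scripts as: <script> IFACE ACTION
BYPASS_HOST="${BYPASS_HOST:-203.0.113.10}"  # placeholder for the server's static IP

# Constructed sample of `ip -4 route show default` with the VPN up on wifi.
SAMPLE_ROUTES='default via 10.8.0.1 dev tun0 proto static metric 50
default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600'

# Read default routes on stdin; print "GATEWAY DEV" of the lowest-metric one
# that is not on a tun/tap (VPN) device. Fails if there is none.
pick_uplink() {
    awk '
        $1 == "default" {
            gw = ""; dev = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "via")    gw = $(i + 1)
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (gw == "" || dev ~ /^(tun|tap)/) next
            if (best == "" || metric < bestmetric) { best = gw " " dev; bestmetric = metric }
        }
        END { if (best == "") exit 1; print best }'
}

# $1 = "GATEWAY DEV". `replace` is idempotent; `via` hands packets to the LAN
# gateway instead of treating the remote server as directly on-link.
# With DRY_RUN set, print the command instead of running it.
route_via_uplink() {
    set -- $1
    ${DRY_RUN:+echo} ip route replace "$BYPASS_HOST/32" via "$1" dev "$2"
}

case "${2:-}" in
    up|down|vpn-up|vpn-down|dhcp4-change)   # events that change default routes
        if uplink=$(ip -4 route show default | pick_uplink); then
            route_via_uplink "$uplink"
        fi ;;
    demo)                                   # offline run: sh 50-vpn-bypass - demo
        DRY_RUN=1 route_via_uplink "$(printf '%s\n' "$SAMPLE_ROUTES" | pick_uplink)" ;;
esac
```

Because a /32 route carries every protocol to that address, keeping the nftables exception limited to the SSH port ensures only that flow leaves outside tun0.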







