Configure (route) specific connections outside of a VPN

Here is my situation:
I am using NetworkManager (Gnome) to handle all my network connections.
I am connecting to a VPN with OpenVPN. My firewall (nftables) drops all traffic outside of the tun0 interface.



Now I want to connect to a server (that has a static ip) via ssh, but outside of the VPN tunnel, so I want to tell my machine: For every connection to this IP, do not use the VPN but rather connect directly.
What I did so far: Allow a connection to the server in the firewall.



What I am not really able to figure out:
How do I make my machine connect to the server "outside" of the VPN properly?
I already tried to read up on the problem, the answer I have been able to find was routing, so I am supposed to create a route for all the traffic to the server through a different networking interface, so instead of letting those packages through tun0, they are supposed to go through either wlp2s0 or enp1s0, depending on how I am connected at a given moment.
So I did, for example:

    ip route add IP-ADDRESS dev wlp2s0



This somehow seems to work temporarily (but I don't even know if it should). I am not sure though if this is the correct way to do it.
In case that this is the right idea, I want to configure it so this routing is done "automatically" - so whenever my network connection changes (for example I'm switching from wifi to wired connection), I want the route to still be there. How do I do that properly?



My system (not sure if this is relevant) is Arch Linux with all the latest packages installed.



EDIT: The reason I want to do this is because the server I want to connect to is blocking all of the IPs from my VPN provider. I do trust the server though, so I do not need to use the VPN to connect to this server.










  • 1




    The question need not probably be so convoluted. I bet you would manage to convey you want to escape the normal route of VPN with less than 1/3 of that text. And yes, if you want to mess up with routing, the best course of action is understanding the route (and possibly firewalling) commands.
    – Rui F Ribeiro
    Nov 19 at 14:22











  • Yes, adding the route for that address is the correct way to do it, and should of course work.
    – RalfFriedl
    Nov 19 at 19:32














linux ip vpn route






asked Nov 19 at 14:04









user246093
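
One way to keep the bypass route in place when the connection switches between Wi-Fi and wired, as an added example that is not part of the original question or its comments: a NetworkManager dispatcher script that re-creates the host route through whichever non-tunnel default gateway is currently active. The address 203.0.113.10 is a placeholder for the server's IP, and the tun/tap/wg interface-prefix filter and the sample route table are assumptions.

```shell
#!/bin/sh
# Added example: NetworkManager dispatcher hook that keeps a host route to one
# server outside the VPN. BYPASS_IP is a placeholder (documentation address).
BYPASS_IP="${BYPASS_IP:-203.0.113.10}"

# Constructed sample of `ip -4 route show default` with the VPN up.
SAMPLE_ROUTES='default via 10.8.0.1 dev tun0 proto static metric 50
default via 192.168.1.1 dev enp1s0 proto dhcp metric 100
default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600'

# Read default routes on stdin; print "GATEWAY DEVICE" for the lowest-metric
# one that is not on a tunnel interface (assumed prefixes: tun, tap, wg).
pick_underlay() {
    awk '
        $1 == "default" {
            gw = ""; dev = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "via")    gw = $(i + 1)
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (gw == "" || dev == "" || dev ~ /^(tun|tap|wg)/) next
            if (best == "" || metric < bestmetric) {
                best = gw " " dev; bestmetric = metric
            }
        }
        END { if (best == "") exit 1; print best }
    '
}

# Print the arguments for `ip route replace`, or fail if only the tunnel is up.
route_args() {
    underlay=$(pick_underlay) || return 1
    printf '%s/32 via %s dev %s\n' "$BYPASS_IP" "${underlay% *}" "${underlay#* }"
}

# NetworkManager calls dispatcher scripts as: <script> <interface> <action>.
case "${2:-}" in
    up|down|vpn-up|dhcp4-change)
        # `replace` is idempotent, so repeated events do not fail on an existing route.
        args=$(ip -4 route show default | route_args) && ip route replace $args
        ;;
esac
```

Saved as an executable, root-owned file under /etc/NetworkManager/dispatcher.d/, the script runs on every connection change; `ip route get 203.0.113.10` should then name the physical interface rather than tun0.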
