[SOLVED] Routing certain traffic outside of VPN

[shiro21 4]

I currently enjoy the safety and anonymity of OpenVPN but would love to avoid the speed performance necessitated by the overhead. Don't get me wrong. The performance drop is not a reflection of AirVPN and the reduction in speed is reasonable. After all, pushing 20 Mbits down is impressive. But I am an unreasonable person and I want to get as close as top speed as I paid my ISP for.

Since I mainly use SFTP, FTPES (FTP SSL/TLS), and my USENET provider encrypts transfers, I figured there's no need to encrypt twice and pay the penalty. I recently tried a propriety OpenVPN client called Viscosity that makes it easy to reroute certain traffic outside the VPN tunnel. But to do that, the OpenVPN servers have to not specifically pull all traffic. During my tinkering, it seems AirVPN's servers are configured to pull all traffic, which under normal situations, is a good thing. Is this the case? If so, can I send a command script to not do that? I tried it and the servers pretty much stopped accepting my credentials for a while and I cried.

[Staff 9972]

I currently enjoy the safety and anonymity of OpenVPN but would love to avoid the speed performance necessitated by the overhead. Don't get me wrong. The performance drop is not a reflection of AirVPN and the reduction in speed is reasonable. After all, pushing 20 Mbits down is impressive. But I am an unreasonable person and I want to get as close as top speed as I paid my ISP for.

Since I mainly use SFTP, FTPES (FTP SSL/TLS), and my USENET provider encrypts transfers, I figured there's no need to encrypt twice and pay the penalty. I recently tried a propriety OpenVPN client called Viscosity that makes it easy to reroute certain traffic outside the VPN tunnel. But to do that, the OpenVPN servers have to not specifically pull all traffic. During my tinkering, it seems AirVPN's servers are configured to pull all traffic, which under normal situations, is a good thing. Is this the case? If so, can I send a command script to not do that? I tried it and the servers pretty much stopped accepting my credentials for a while and I cried.

Hello!

Yes, we confirm that our servers push routes so that ALL the traffic will go in the encrypted tunnel. About your Usenet provider, using the VPN is useful if you wish to hide to that provider your real IP address, just in case...

Instead of refusing the push (which might make your OpenVPN client uneasy), you could rewrite the routing table after the connection, or you could rewrite your OpenVPN configuration file. As usual, proceed with caution. Any mistake can destroy your anonymity layer. Some ideas: http://dltj.org/article/openvpn-split-routing/

EDIT: This thread looks better http://forums.openvpn.net/topic8229.html

Kind regards

[shiro21 4]

I figured it out!! (This is like the fourth time I come to you with questions but figured it out.)

Looking at your links about configuring files and routing tables looked daunting but familiar. Viscosity does allow you to mess with your routing table without knowing any scary command line codes. I just didn't know HOW to configure it. The articles you posted offered instructions on what values to put where. The problem I encountered was that I initially entered the wrong mask and gateway information.

I highly recommend Mac users use Viscosity as an alternative to Tunnelblick. It's only $9 but I think it's easier to use and faster.