A VPN usually protects your entire internet connection. This is usually considered a feature. There are cases, however, where you might want to keep the VPN running, but want to exempt websites from the VPN.
This is possible using technique known as inverse split tunneling. It allows you to run a standard VPN connection, but to route requests for specified websites outside the VPN.
I live in the UK, and therefore have access to BBC iPlayer. I also use a VPN religiously. Unfortunately, BBC iPlayer now blocks most VPNs from accessing its service. This means that to watch iPlayer, I must disconnect my VPN. Not only is this inconvenient, but it presents a security risk, since I am now longer protected by my VPN.
I therefore want to keep my VPN running, but to exempt the BBC iPlayer website so that I access it outside of the VPN. This will allow me to watch BBC iPlayer without disconnecting my VPN.
How to Exempt Websites from your VPN
The method described here is a simple but effective hack that involves modifying your OpenVPN configuration file (.ovpn). It only works for OpenVPN connections, but I do not consider this a major issue as OpenVPN is the VPN protocol you should be using anyway.
It is also possible, however, for those brave enough, to exempt websites using IP routing tables. This is something that I may discuss in a future article.
1. Determine the IP address of your router and make a note of it.
My router’s IP address is 192.168.1.1
2. Open your OpenVPN configuration file in a text editor (such as Notepad or TextEdit). If using the open source OpenVPN client, this can be found in the OpenVPN program’s “config” folder (C:/Program Files/OpenVPN/config by default in Windows).
Most custom OpenVPN clients make of standard .ovpn files, in which case this hack will work for them also. These .ovpn files can usually be found in the custom program’s folder. Alternatively, clients such as AirVPN’s Eddy allow you to add custom OVPN commands via the client.
3. Add a new line to the text, before the <ca> certificate begins (if part of the config file). The format is:
route <address> 255.255.255.255 < router IP>
<address> is the URL of the website you wish to exempt from your VPN. Just enter the domain name (not www. if used). <router IP> is the IP address of your router that you made a note of in Step 1.
- The website URL I want to exempt. 2. My home router’s IP address
4. Repeat the process on a new line for each website that you wish to exempt.
5. Hit Save.
6. Check that everything is working properly. I added iplocation.org so for this reason. iplocation.org now shows my real IP address and physical location (no VPN), while IPLeak.net (which is not exempted) shows the IP address of my VPN provider’s servers in the Netherlands. BBC iPlayer also now works, even when I am connected to my VPN.
It may seem obvious, but do please remember that when visiting an exempted website you are not protected by your VPN. This means that your ISP can see that you have visited that website if it is protected by HTTPS encryption, or everything you do on that website if it is not.