How to Exempt Websites from your VPN

A VPN usually protects your entire internet connection. This is usually considered a feature. There are cases, however, where you might want to keep the VPN running, but want to exempt websites from the VPN.

This is possible using technique known as inverse split tunneling. It allows you to run a standard VPN connection, but to route requests for specified websites outside the VPN.


I live in the UK, and therefore have access to BBC iPlayer. I also use a VPN religiously. Unfortunately, BBC iPlayer now blocks most VPNs from accessing its service. This means that to watch iPlayer, I must disconnect my VPN. Not only is this inconvenient, but it presents a security risk, since I am now longer protected by my VPN.

I therefore want to keep my VPN running, but to exempt the BBC iPlayer website so that I access it outside of the VPN. This will allow me to watch BBC iPlayer without disconnecting my VPN.

How to Exempt Websites from your VPN

The method described here is a simple but effective hack that involves modifying your OpenVPN configuration file (.ovpn). It only works for OpenVPN connections, but I do not consider this a major issue as OpenVPN is the VPN protocol you should be using anyway.

It is also possible, however, for those brave enough, to exempt websites using IP routing tables. This is something that I may discuss in a future article.

1. Determine the IP address of your router and make a note of it.

Determin IP address - Exempt websites from your VPN

My router’s IP address is

2. Open your OpenVPN configuration file in a text editor (such as Notepad or TextEdit). If using the open source OpenVPN client, this can be found in the OpenVPN program’s “config” folder (C:/Program Files/OpenVPN/config by default in Windows).

Most custom OpenVPN clients make of standard .ovpn files, in which case this hack will work for them also. These .ovpn files can usually be found in the custom program’s folder. Alternatively, clients such as AirVPN’s Eddy allow you to add custom OVPN commands via the client.

3. Add a new line to the text, before the <ca> certificate begins (if part of the config file). The format is:

 route <address> < router IP>

<address> is the URL of the website you wish to exempt from your VPN. Just enter the domain name (not www. if used). <router IP> is the IP address of your router that you made a note of in Step 1.

Edit .ovpn file

  1. The website URL I want to exempt. 2. My home router’s IP address

4. Repeat the process on a new line for each website that you wish to exempt.

5. Hit Save.

6. Check that everything is working properly. I added so for this reason. now shows my real IP address and physical location (no VPN), while (which is not exempted) shows the IP address of my VPN provider’s servers in the Netherlands. BBC iPlayer also now works, even when I am connected to my VPN.

Please remember…

It may seem obvious, but do please remember that when visiting an exempted website you are not protected by your VPN. This means that your ISP can see that you have visited that website if it is protected by HTTPS encryption, or everything you do on that website if it is not.

Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

Related Coverage


4 responses to “How to Exempt Websites from your VPN

  1. Why is there the situation when modern websites determine your vpn using? It created for bypassing different restricted sites and having access to any sites you want. But now there’s a struggle between vpn services and advanced protection of sites. But for creating the split tunneling do we need the definite protocol or it doesn’t matter which one to use?
    According to the article there’re different types of protocols and various features belong to them. So does it influent somehow or not?

    1. Hi Dereck,

      1) I have a much more complete article that the one you link on the different VPN protocols used – please see PPTP vs L2TP vs OpenVPN vs SSTP vs IKEv2
      2) Websites block VPN users by blocking IP ranges known to be used by popular VPN providers. Changing VPN protocol will not help, although switching VPN servers might. Some VPN providers continue to play cat-and-mouse qwityh services such as Netflix by regularly refreshing their IP pool, but many have given up.
      3) Split tunneling as described in this article allows you to access some website without a VPN connection, even when you have a VPN running. It is therefore useful for accessing websites that block VPN users, but which you are normally allowed access to.

  2. How do I exempt a page on Linux? There is no /etc/openvpn/config or something like this. Do I have to add it on each .ovpn file?

    1. Hi S,

      Yup. This trick should work regardless of the OS – you just add the line to your .ovpn file (wherever it is located).

Leave a Reply

Your email address will not be published. Required fields are marked *