How to bypass site blocking without sending all traffic through a VPN

Being able to bypass blocking is a must. Perhaps today your country blocks only resources that you rarely visit, but the world is unstable, and tomorrow your favorite sites and applications may be on the list.

On Habr, and not only there, there are many instructions on how to bypass blocking using a VPN, in particular OpenVPN, and there are also excellent step-by-step console scripts for installing OpenVPN. However, most of these instructions assume that all Internet traffic will end up going through the VPN connection, which can be inconvenient for a number of reasons. In this short post I want to show how to configure OpenVPN Access Server and regular OpenVPN to serve only the blocked resources.

Installation and initial configuration of OpenVPN Access Server is simple and has been described many times. It goes without saying that you will need a server outside the censoring country (AWS, Cloudatcost, DigitalOcean, etc.) for this. The initial setup in our case comes down to 3 points:

  1. Advanced VPN → Additional OpenVPN Config Directives (Advanced): Server Config Directives - add the list of addresses that should be reached through OpenVPN (you can use the nslookup or dig commands to determine these addresses):

    push "route 77.88.55.77 255.255.255.255 vpn_gateway"
    push "route 5.255.255.77 255.255.255.255 vpn_gateway"
    push "route 77.88.55.88 255.255.255.255 vpn_gateway"
    push "route 5.255.255.88 255.255.255.255 vpn_gateway"

    Save the settings and update the server configuration.

  2. VPN Settings → Routing: Should VPN clients have access to private subnets (non-public networks on the server side)? - Yes, using NAT, after which we add the CIDR blocks of the networks in which the blocked resources are located:

    77.88.55.0/24
    5.255.255.0/24

    Do not make these network blocks too broad, so that you do not capture other resources in these networks and slow down your own access to them.

  3. VPN Settings → Routing: Should client Internet traffic be routed through the VPN? - No. Save the settings and update the server configuration.

Of course, for all its simplicity and convenience, this option has a drawback: the free version is limited to 2 simultaneous connections (the minimum package of 10 licenses for a year at $15 each is not for everyone), so below is how to achieve the same with regular OpenVPN (file /etc/openvpn/server.conf):

    # Do not send all client traffic through the VPN
    #push "redirect-gateway def1 bypass-dhcp"
    # Google public DNS
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    # Route DNS queries through the VPN
    push "route 8.8.8.8 255.255.255.255 vpn_gateway"
    push "route 8.8.4.4 255.255.255.255 vpn_gateway"
    # IP addresses of the blocked resources
    push "route 77.88.55.77 255.255.255.255 vpn_gateway"
    push "route 5.255.255.77 255.255.255.255 vpn_gateway"
    push "route 77.88.55.88 255.255.255.255 vpn_gateway"
    push "route 5.255.255.88 255.255.255.255 vpn_gateway"

Do not forget to reload the server configuration:

    sudo service openvpn reload
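Both variants above need the same two lists: one host route per resolved address and the narrow CIDR blocks for the Access Server NAT setting. The following is an added example, not part of the original post, that derives both from `dig +short` output; the sample output and the name `www.blocked.example.` are constructed, and the /24 prefix is the one the post uses.

```python
import ipaddress

# Constructed sample of `dig +short` output: a CNAME line, a duplicate,
# an IPv6 answer and a private address mixed in with the post's addresses.
SAMPLE_DIG_OUTPUT = """\
www.blocked.example.
77.88.55.77
5.255.255.77
77.88.55.88
5.255.255.88
77.88.55.77
2001:db8::1
192.168.1.10
"""


def parse_resolved(text):
    """Return sorted unique public IPv4 addresses and the skipped lines."""
    hosts, skipped = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ip = ipaddress.ip_address(line)
        except ValueError:
            skipped.append(line)  # CNAME target or other non-address text
            continue
        if ip.version == 4 and ip.is_global:
            hosts.add(ip)
        else:
            skipped.append(line)  # IPv6 or non-public address
    return sorted(hosts), skipped


def push_directives(hosts):
    """One host route (/32) per address, in the format used in server.conf."""
    return [f'push "route {ip} 255.255.255.255 vpn_gateway"' for ip in hosts]


def nat_blocks(hosts, prefix=24):
    """CIDR blocks for the Access Server NAT list, kept at a narrow prefix."""
    nets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in hosts}
    return [str(n) for n in sorted(nets)]


if __name__ == "__main__":
    hosts, skipped = parse_resolved(SAMPLE_DIG_OUTPUT)
    print("\n".join(push_directives(hosts)))
    print("NAT blocks:", " ".join(nat_blocks(hosts)))
    print("skipped:", skipped)
```

Review the skipped lines before pasting the output: a private or IPv6 answer in the resolver output usually means the lookup did not return the addresses you intended to route.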

After connecting to your server, you can check the result by, say, tracing the route first to an address or domain that is blocked in your country and then to one that is allowed. Expected result: in the first case the traffic goes through the encrypted tunnel to your server, in the second it goes as usual, through your provider's network. This method works fine on all major platforms, including iOS.

Thus, with minimal effort, you get a fast Internet connection with slightly slower access to blocked resources. I would be glad if this helps someone :)

Source: https://habr.com/ru/post/329706/