Using VPN for particular sites only

bigguns · May 3, 2012, 1:58pm

Hi there,
I was wondering if someone could help me. I would like to a VPN PPTP or L2TP connection for only certain sites (i.e. on demand). But all other web traffic routed as per normal.

Could someone help me how I’d go about doing this.

jandafields · May 3, 2012, 2:07pm

Simply use routes to send certain sites over the vpn. You can get as complex as you want.

bigguns · May 5, 2012, 9:24pm

Could you give an example of how to do this please - I’m struggling to setup this.

thank you

jandafields · May 5, 2012, 10:37pm

IP → ROUTE
Add new route
Dst Address = Whatever IP(s) you want routed over the pptp link.
Gateway = Here you put the IP address of the remote PPTP server. Or, if router is your PPTP server, then you put the name of the interface.

CelticComms · May 5, 2012, 10:41pm

There are various ways to achieve this and the best depends on the detail of what you want to achieve. e.g. You could set up the routing table to support the VPN path for (say) routing mark “VPN”. The routes involved will then show in the routing table with the “VPN” routing mark. You then have various ways to set that routing mark as clients make connections - could be based on the source IP, destination IP, type of traffic, in-interface etc. etc. .

If you can give more details on how/when you want to have the traffic use the VPN it would be easier to make suggestions.

bigguns · May 6, 2012, 1:58pm

Hi
Thanks for your replies.

Basically there are only specific webpages that I would like to route over VPN for example let’s say google.com. Any times that someone in the LAN requests to visit google.com, that visit should be transported over VPN.
If there user remains on google.com - looking for search results or adjust the search results that should all be transported through the VPN - basically anything with google.com/* or *.google.com.

If that same user is looking at another webpage like hsbc.co.uk then that traffic is routed as per normal.

warwick09 · May 7, 2012, 3:36am

Firstly google has soo many ip ranges, it’d be quite hard to effectively to apply routing marking in this case - you can certainly try however.

Here they are:

66.102.0.0 - 66.102.15.255
66.249.64.0 - 66.249.95.255
72.14.192.0 - 72.14.255.255
74.125.0.0 - 74.125.255.255
209.85.128.0 - 209.85.255.255
216.239.32.0 - 216.239.63.255
64.233.160.0 - 64.233.191.255

What you want can easily be accomplished my applying a routing mark to the given ip range and then creating a route with dst 0.0.0.0/0 with a routing mark which corresponds to what you created - Be sure to specify the gateway which is used by the vpn connection, or to be crude you can select the interface itself.