curmudgeon Veteran
Joined: 08 Aug 2003 Posts: 1744
Posted: Sun Jun 07, 2015 12:11 pm Post subject: configuring openvpn for specific traffic
The default openvpn configuration that I received includes a "redirect-gateway" line, which sends ALL of the traffic through the vpn including many types that I don't want to send through it (ntp, for example, but many others, as well).
Is there some way (without building a routing table with hundreds of lines) to send specific traffic through the vpn - I am most interested in http and related (things such as rtmp), but would like to be able to choose by application (which I don't think is possible).
The man page shows an http-proxy option (which actually isn't an option for me, since the tunnel uses the udp protocol, instead of tcp required for an http proxy), but also a socks-proxy option (which might work).
So, let's suppose that my machine has an ip address of 192.168.0.1, and a tunnel endpoint of 10.0.0.1 (with the remote vpn server at 10.0.0.2). How do I configure openvpn (and what other software do I need to run?) so that I can send only the traffic through the vpn that I want to send through the vpn (with the rest going out through the current gateway)?
Thank you in advance.
Hu Administrator
Joined: 06 Mar 2007 Posts: 23103
Posted: Sun Jun 07, 2015 3:06 pm
You could use a network namespace to isolate the effects of the VPN. Place the openvpn client in a private network namespace that is routed back out through the host. Run VPN-using applications in that namespace. Run non-VPN applications in the main namespace. Anything in the VPN-using namespace will respect its routes, including the default route. Anything in the main namespace will use your non-VPN routes.
curmudgeon Veteran
Joined: 08 Aug 2003 Posts: 1744
Posted: Mon Jun 08, 2015 4:10 am
Hu wrote:
> You could use a network namespace to isolate the effects of the VPN.

I have spent most of the day researching this, and it seems like a reasonable idea. Setting up the networking does not seem difficult, but what is the best (simplest) way to run applications in another namespace (on a desktop system)? I didn't find much helpful documentation in that regard.
Hu Administrator
Joined: 06 Mar 2007 Posts: 23103
Posted: Tue Jun 09, 2015 12:02 am
The simplest way is to use ip netns to manage the network namespaces. That is very low level though, so you might prefer to find or write some wrapper scripts.
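The namespace layout Hu describes (openvpn client in a private namespace routed back out through the host, chosen applications started inside it) and the ip netns wrapper script suggested in this post, as an added example that is not from this thread or from the OpenVPN project. The script name vpn-ns.sh, the namespace name vpn, the veth names veth-vpn0/veth-vpn1, the 10.200.1.0/30 link addresses, the 9.9.9.9 resolver and the detection of the egress interface from the host's default route are all assumptions; it must run as root and uses only standard ip, iptables, sysctl, sudo and openvpn commands.

```shell
#!/bin/sh
# vpn-ns.sh (hypothetical helper, not part of OpenVPN or this thread):
# run the OpenVPN client, and only the programs you choose, inside a
# private network namespace that reaches the internet through the host
# over a veth pair plus NAT. The host keeps its own routes, so ntp and
# everything else not started through "run" never sees the tunnel.
#
#   sudo ./vpn-ns.sh up /etc/openvpn/client.conf   # create ns, start openvpn
#   sudo ./vpn-ns.sh run firefox                    # run a program in the ns
#   sudo ./vpn-ns.sh down                           # stop openvpn, remove ns
set -eu

NS=vpn                       # namespace name (assumption)
VETH_HOST=veth-vpn0          # host end of the veth pair
VETH_NS=veth-vpn1            # namespace end
LINK_NET=10.200.1.0/30       # constructed link subnet; pick any unused one
HOST_ADDR=10.200.1.1         # host end address = the namespace's gateway
NS_ADDR=10.200.1.2
NS_DNS=${NS_DNS:-9.9.9.9}    # resolver used inside the namespace (assumption)
PIDFILE=/run/openvpn-$NS.pid

# run CMD...: execute CMD, or only print it when DRY_RUN=1, so the exact
# routing and firewall changes can be reviewed before touching the host.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Interface carrying the host's default route (override with EGRESS=...).
egress_iface() {
    ip -o route show default | awk '{ print $5; exit }'
}

# in_ns CMD...: run CMD inside the namespace (ip netns exec also bind-mounts
# /etc/netns/$NS/resolv.conf over /etc/resolv.conf for that process).
in_ns() {
    run ip netns exec "$NS" "$@"
}

ns_up() {
    conf=${1:?usage: up /path/to/client.conf}
    EGRESS=${EGRESS:-$(egress_iface)}
    run ip netns add "$NS"
    run ip link add "$VETH_HOST" type veth peer name "$VETH_NS"
    run ip link set "$VETH_NS" netns "$NS"
    run ip addr add "$HOST_ADDR/30" dev "$VETH_HOST"
    run ip link set "$VETH_HOST" up
    in_ns ip addr add "$NS_ADDR/30" dev "$VETH_NS"
    in_ns ip link set lo up
    in_ns ip link set "$VETH_NS" up
    # The namespace's default route points at the host. When openvpn's
    # redirect-gateway replaces it with the tun device, only this
    # namespace's routing table changes; the host's table is untouched.
    in_ns ip route add default via "$HOST_ADDR"
    # Host side: forward and masquerade the namespace's traffic out $EGRESS.
    run sysctl -q -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -s "$LINK_NET" -o "$EGRESS" -j MASQUERADE
    run iptables -A FORWARD -i "$VETH_HOST" -o "$EGRESS" -j ACCEPT
    run iptables -A FORWARD -i "$EGRESS" -o "$VETH_HOST" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Private resolver for the namespace (openvpn needs it to resolve the
    # server name; applications then use it through the tunnel).
    run mkdir -p "/etc/netns/$NS"
    run sh -c "printf 'nameserver %s\n' '$NS_DNS' > /etc/netns/$NS/resolv.conf"
    # Start the client with its config unchanged, redirect-gateway line and all.
    in_ns openvpn --config "$conf" --writepid "$PIDFILE" --daemon
}

# ns_run CMD...: run a program inside the namespace as the desktop user who
# invoked sudo (-E keeps DISPLAY and friends so GUI programs start).
ns_run() {
    in_ns sudo -E -u "${SUDO_USER:-$(id -un)}" -- "$@"
}

ns_down() {
    EGRESS=${EGRESS:-$(egress_iface)}
    if [ -f "$PIDFILE" ]; then run kill "$(cat "$PIDFILE")"; run rm -f "$PIDFILE"; fi
    run iptables -D FORWARD -i "$EGRESS" -o "$VETH_HOST" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -D FORWARD -i "$VETH_HOST" -o "$EGRESS" -j ACCEPT
    run iptables -t nat -D POSTROUTING -s "$LINK_NET" -o "$EGRESS" -j MASQUERADE
    run ip netns del "$NS"   # deleting the namespace also removes both veth ends
}

case "${1:-}" in
    up)   shift; ns_up "$@" ;;
    run)  shift; ns_run "$@" ;;
    down) ns_down ;;
    "")   ;;   # no verb: only define the functions (e.g. when sourced)
    *)    echo "usage: $0 up CONF | run CMD... | down" >&2; exit 2 ;;
esac
```

Run it first with `DRY_RUN=1 sudo -E ./vpn-ns.sh up client.conf` to see every command it would issue. After `up`, `sudo ip netns exec vpn ip route` should show the tun default route while plain `ip route` on the host still shows the old gateway, which is the whole point: the client config keeps its redirect-gateway line, and only programs started through `run` get routed (and resolve DNS) through the tunnel. Two caveats: this is network isolation only, so a program in the namespace shares the host's filesystem, process list and X session; and the FORWARD rules let the namespace reach the internet through the host whenever the tunnel is down, so if a leak on tunnel failure matters, narrow the rule from veth-vpn0 to just the VPN server's address and port.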
steveL Watchman
Joined: 13 Sep 2006 Posts: 5153 Location: The Peanut Gallery
Posted: Tue Jun 09, 2015 12:42 pm
IDK if it's relevant, but schorsch_76 wrote a nice tip on bridging VM networks. (Remember: only the bridge interface has an IP address.)
Didn't know about ip netns, thanks Hu.