Skip to main content

OpenVPN Setup Guide with Split Tunneling on Ubuntu

Prerequisites

  • Ubuntu 20.04 or later
  • Root or sudo access
  • OpenVPN server configuration files

Step 1: Install OpenVPN

sudo apt update
sudo apt install openvpn -y

Step 2: Place Configuration Files

Copy your OpenVPN configuration files (e.g., .ovpn) to the /etc/openvpn/client/ directory: 
sudo cp your-config.ovpn /etc/openvpn/client/

Step 3: Configure Split Tunneling

Edit the OpenVPN client configuration file to enable split tunneling. Open the file: 
sudo nano /etc/openvpn/client/your-config.ovpn

Modify the following settings:

  1. Prevent default gateway override: 
    route-nopull
  2. Route only specific traffic through VPN (e.g., a corporate network 10.0.0.0/24): 
    route 10.0.0.0 255.255.255.0
  3. Ensure correct DNS resolution (Optional): 
    dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4

Step 4: Start OpenVPN Client

Run OpenVPN using the configuration file: 
sudo openvpn --config /etc/openvpn/client/your-config.ovpn --daemon

Step 5: Verify VPN Connection

Check your IP to confirm split tunneling is working: 
curl ifconfig.me
To ensure only specific traffic is routed via VPN: 
ip route

Step 6: Enable OpenVPN on Boot (Optional)

Create a systemd service file: 
sudo nano /etc/systemd/system/openvpn-client.service
Paste the following: 
[Unit]
Description=OpenVPN client
After=network.target

[Service]
ExecStart=/usr/sbin/openvpn --config /etc/openvpn/client/your-config.ovpn --daemon
Restart=always

[Install]
WantedBy=multi-user.target
Enable and start the service: 
sudo systemctl enable openvpn-client
sudo systemctl start openvpn-client

Step 7: Disconnect OpenVPN

To disconnect, run: 
sudo systemctl stop openvpn-client

Troubleshooting

  • Check OpenVPN logs for errors: 
    journalctl -u openvpn-client --no-pager
  • Restart OpenVPN service: 
    sudo systemctl restart openvpn-client
  • Verify routing rules: 
    ip route show

Conclusion

You have successfully configured OpenVPN with split tunneling on Ubuntu. Now, only specified traffic will pass through the VPN while the rest uses the local network.