ProPrivacy is reader supported and sometimes receives a commission when you make purchases using links on this site.

How to Exempt Websites from your VPN

A VPN usually protects your entire internet connection. This is usually considered a feature. There are cases, however, where you might want to keep the VPN running, but want to exempt websites from the VPN.

This is possible using technique known as inverse split tunneling. It allows you to run a standard VPN connection, but to route requests for specified websites outside the VPN.

Example

I live in the UK, and therefore have access to BBC iPlayer. I also use a VPN religiously. Unfortunately, BBC iPlayer now blocks most VPNs from accessing its service. This means that to watch iPlayer, I must disconnect my VPN. Not only is this inconvenient, but it presents a security risk, since I am no longer protected by my VPN.

I therefore want to keep my VPN running, but to exempt the BBC iPlayer website so that I access it outside of the VPN. This will allow me to watch BBC iPlayer without disconnecting my VPN. For more about using a VPN for iPlayer take a look at our iPlayer VPN guide.

How to Exempt Websites from your VPN

The method described here is a simple but effective hack that involves modifying your OpenVPN configuration file (.ovpn). It only works for OpenVPN connections, but I do not consider this a major issue, as OpenVPN is the VPN protocol you should be using anyway.

It is also possible, however, for those brave enough, to exempt websites using IP routing tables. This is something that I may discuss in a future article.

1. Determine the IP address of your router and make a note of it.

Determin IP address - Exempt websites from your VPN

My router’s IP address is 192.168.1.1

2. Open your OpenVPN configuration file in a text editor (such as Notepad or TextEdit). If using the open source OpenVPN client, this can be found in the OpenVPN program’s “config” folder (C:/Program Files/OpenVPN/config by default in Windows).

Most custom OpenVPN clients make of standard .ovpn files, in which case this hack will work for them also. These .ovpn files can usually be found in the custom program’s folder. Alternatively, clients such as AirVPN’s Eddy allow you to add custom OVPN commands via the client.

3. Add a new line to the text, before the certificate begins (if part of the config file). The format is:

route

255.255.255.255 router IP>

is the URL of the website you wish to exempt from your VPN. Just enter the domain name (not www. if used). is the IP address of your router that you made a note of in Step 1.

Edit .ovpn file

 

4. The website URL I want to exempt. 2. My home router’s IP address

5. Repeat the process on a new line for each website that you wish to exempt.

6. Hit Save.

7. Check that everything is working properly. To do this you can use our IP leak testing tool to ensure that your VPN is working. If your VPN has a leak then the website you are visiting can see your real IP address. Simply follow the instructions on the page to complete the test.

Please remember…

It may seem obvious, but do please remember that when visiting an exempted website you are not protected by your VPN. This means that your ISP can see that you have visited that website. Although if it is protected by HTTPS encryption, of course, everything you do on that website is hidden.

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

4 Comments

Mick
on January 30, 2017
Hi, useful article, I use dd-wrt with OpenVpn, could I do something similar?
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small_webp.webp
Douglas Crawford replied to Mick
on January 31, 2017
Hi Mick. I have not tried it yet, but the same trick should work with your router, as it involves simply editing the .ovpn config file. Just use the modified .ovpn for your router's OpenVPN configuration. Another option (as noted in the article) is to use ip routing tables. Here is a good example.
S
on June 11, 2016
How do I exempt a page on Linux? There is no /etc/openvpn/config or something like this. Do I have to add it on each .ovpn file?
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small_webp.webp
Douglas Crawford replied to S
on June 13, 2016
Hi S, Yup. This trick should work regardless of the OS - you just add the line to your .ovpn file (wherever it is located).

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service